This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

bundlore malware in sophos quarantine.

hello, I have the bundlore malware in quarantine in my sophos, on my mac. as I can not manually remove it I ask myself two questions. Is it dangerous in quarantine? Will it be erased by sophos in 40 days?


This thread was automatically locked due to age.
Parents
  • Hello jurassicpark,

    the analysis of Bundlore has a link under Recovery instructions together with a suggestion for Macs. The linked article has a reference to Sophos Anti-Virus for Mac: How to remove malware.

    Please note that Bundlore is classified as PUA and not outright malicious, i.e. an annoyance rather than a threat. The quarantine is just a record of detected items that have not (for whatever reason) automatically been cleaned up or deleted.
    Whenever you (or "something") tries to open or execute a file it will be scanned (provided you haven't disabled On-Access scanning) and if it's "dubious" it'll trigger a detection. That it has previously been detected doesn't matter, the Quarantine is not consulted during a scan. The Quarantine is not a jailhouse, if you turn off On-Access scanning quarantined files could be opened or executed. No automatic action (e.g. deletion after a certain number of days) is performed on quarantined items.

    Christian

Reply
  • Hello jurassicpark,

    the analysis of Bundlore has a link under Recovery instructions together with a suggestion for Macs. The linked article has a reference to Sophos Anti-Virus for Mac: How to remove malware.

    Please note that Bundlore is classified as PUA and not outright malicious, i.e. an annoyance rather than a threat. The quarantine is just a record of detected items that have not (for whatever reason) automatically been cleaned up or deleted.
    Whenever you (or "something") tries to open or execute a file it will be scanned (provided you haven't disabled On-Access scanning) and if it's "dubious" it'll trigger a detection. That it has previously been detected doesn't matter, the Quarantine is not consulted during a scan. The Quarantine is not a jailhouse, if you turn off On-Access scanning quarantined files could be opened or executed. No automatic action (e.g. deletion after a certain number of days) is performed on quarantined items.

    Christian

Children
No Data