Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 10 subscribers
  • Views 5150 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PUA not detected - hides itself while scanning

Administrator User124

HI,

on one of our server is a  PUA running, no matter what we tried (online scan / offline scan) it is not detected. The PUA uses some kind of stealth mode. When you try to execute scan on an affected file you can see that the mousepointer moves away from the selected file. Off course, we can clean the server with fresh install, my intent is to be able to detect such software.

What is the recommended way to proceed ?

regards



This thread was automatically locked due to age.
Parents
  • 0

    Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

  • 0 in reply to QC

    QC said:

    Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

     

    Hi Christian,

    thanks for your help, we already used the Linux ISo for an offline scan, but unfortunatly it was not detected. We also tried some other offline tools from other vendors without success.

    Affected files, better to say related files, looks like when accessing the files directly they seem more or less clean, when we try to create a dump while the services are running we receive the error:

    "Error configured dump resources: The system cannot find the file specified"

    @Shweta

    We use on premise Endpoint Protection standard, for this case we applied for an InterceptX trial and migrated the server to Sophos Central , also there it was not detected

    We allready contacted the support, as soon a we have more informations i will updated this thread with more detailed informations.

    regards

Reply
  • 0 in reply to QC

    QC said:

    Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

     

    Hi Christian,

    thanks for your help, we already used the Linux ISo for an offline scan, but unfortunatly it was not detected. We also tried some other offline tools from other vendors without success.

    Affected files, better to say related files, looks like when accessing the files directly they seem more or less clean, when we try to create a dump while the services are running we receive the error:

    "Error configured dump resources: The system cannot find the file specified"

    @Shweta

    We use on premise Endpoint Protection standard, for this case we applied for an InterceptX trial and migrated the server to Sophos Central , also there it was not detected

    We allready contacted the support, as soon a we have more informations i will updated this thread with more detailed informations.

    regards

Children
No Data
Unfiltered HTML