I would like to confirm if the machine-learning feature of Sophos can protect us against the new major browser malware Adrozek.
Further information about it can be found here:
Detailed one: https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers
My understanding is that a standard signature protection can't beat the countermeasures Adrozek is taking.
Also, I'm not sure blocking Audiolava.exe, QuickAudio.exe, and converter.exe can be a real protection here.
That said, in this one I need your help to tell me if Sophos already has something against it or if I need to look at something else to block it.
As Glenn stated - we are using both forms to detect the malicious element. So, for some scenarios the static detection will prevent the action and in others (based on how the malware is executing…