This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SOPHOOS~1.DLL and sophos_detoured.dll

Hi Everyone,

I have been getting alerts on another one of our security products detecting both of the DLL files in the title as malicious. From my research it seems to be when the server the changes happen on reboot. It makes a change to the AppInit DLLs. I just wanted to double check if that seems correct. Below is the REG that it changes triggering the alert.

HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs

Thank you all.

This thread was automatically locked due to age.
Parents Reply Children
  • Well the keys you mention are only added by the Sophos Anti-Virus installer at install.  When Sophos performs a major update, it might uninstall and re-install which could cause it to remove and re-add the keys.  This wouldn't happen more than once a month.  It is all expected.