Meterpreter Shell not stopped from executing

Question

Hello, 
 We have just about finished our roll-out of the latest endpoint protection rolled into the Sophos Central offering with Enterprise X. I am doing some sanity testing with Metasploit pro to make sure the Sophos Endpoint does what we where told. I generated a Reverse_tcp windows Meterpreter payload (with AV evasion enable) and it loaded on the machine and executed giving me a remote shell and Sophos AV didn't squawk one bit. I have all protection settings enabled. what's the deal?? 
 See from the screen shot, my payload is still running. The only time AV kicks in is if i try to get admin from the console. 
 Meterpreter Shell not stopped from executing

PeterM · Accepted Answer

New detection's will be released later today for Metasploit Pro&rsquo;s Dynamic Payload (AV evasion) method. 
 
 32 bit payloads should detect as : Troj/Swrort-PL 
 64 bit payloads should detect as : Troj/Swrort-PM 
 
 Thank you for highlighting this.