Meterpreter Shell not stopped from executing

Hello,

We have just about finished our roll-out of the latest endpoint protection rolled into the Sophos Central offering with Enterprise X. I am doing some sanity testing with Metasploit Pro to make sure the Sophos Endpoint does what we were told. I generated a Reverse_tcp Windows Meterpreter payload (with AV evasion enabled) and it loaded on the machine and executed, giving me a remote shell, and Sophos AV didn't squawk one bit. I have all protection settings enabled. What's the deal??

See from the screenshot, my payload is still running. The only time AV kicks in is if I try to get admin from the console.

  • New detections will be released later today for Metasploit Pro’s Dynamic Payload (AV evasion) method.

    32-bit payloads should detect as: Troj/Swrort-PL

    64-bit payloads should detect as: Troj/Swrort-PM

    Thank you for highlighting this.
