This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Misses catch of eicar test

Dear Sophos team,


I am wondering why Sophos did not detect the eicar test in web site test after downloading the file test (eicar.com.txt) despite that I put the default navigator is selected under Sophos for checking the link!!


the test web site is:http://www.eicar.org/download/eicar.com.txt

 

Could you please tell us how you can solve that issue??


Thanks in advance.


Lair_r



This thread was automatically locked due to age.
Parents Reply Children
  • Dear Jasmin,

    I try the link and it works with the default navigator;  but believe me I try the same link under opera browser, Sophos missed all downloaded files and has caught some of them only after the full scan and it still missing the zipped files; I attached here the picture shows the downloaded files & picture of caught only after full scan and another images concerning showing an exmple of Dr web antivirus Android showing when is active with issues and the last one when is activated and is secured.

     

     

     

    Could you please give me the reason why Sophos missed them under opera browser?

    Thanks in advance.

    Lair_r

  • Hi  

    I have tested the same scenario under the Opera browser and it is being detected by Sophos Mobile, Could you please re-scan and check once? 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Dear Shweta,

     

    I redo the exercise by using opera android browser and believe me I have the same results; here I attached two images, the first one contain the downloaded files, and the second one contain what Sophos has caught.

     

    For another check I runed a full scan I found the same things; always still missing the zipped files.

     

    Could you please recheck this issue?

     

     

    Thanks in advance.

    Lair_r

  • Hi  

    If the zip files have been downloaded directly through https link, then Sophos Intercept X for mobile will not do the file scanning as the file data will be in the encrypted form.

    However, Sophos Intercept X for mobile will block the website which is in the block list even if it has been accessed with its https link. 

    If you'll try to unzip those files, Sophos Intercept X for mobile will automatically detect the original file of Eicar. 

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Dear Jasmin,

    Many thanks for your replay, but the issue still, even after I open the zipped files after downloading Sophos could not caught them; I attached here the zip downloaded files & 02 zip files opened by WinRAR application and no notification by Sophos. See the last image of Sophos home page.

     

     

     

     

     

    Could you please see this issue with your team in order to reach to solve this issue by an update of this version?

    In addition to that I suggest if it’s possible to added custom scan at least we could run it for the external or internal storage.

    At end I just need to mention that I use to use Sophos endpoint and security under windows in my work in our business company, Sophos home free edition under windows in my personal laptop and Sophos mobile security under my smartphone since a long time and I appreciate the value of protection for all of them; here I would like to keep this mind, because really all Sophos products worth be used.

    Thanks in advance.

    Lair_r

  • Hi  

    Thank you for the nice gesture and appreciation for the products you are using.

    I just tested the scenario on my testing phone. Intercept X for mobile many times will not give the prompt of the detection and for the action. If you'll visit the Intercept X for mobile, it has already detected it and you can perform the required action from there. Even if it goes undetected (happened 1 out of 10 times because I was continuously doing unzip of the file), the manual scan had detected it in the manual scan.

    Even if you are not doing any manual scanning, the file will be detected whenever it'll be accessed by you or by any other application through Intercept X for mobile.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link