Cisco esa SOPHOS

ccna_security
Level 3

Dear all. Today we got a virus like WannaCry that encrypts entire files on computers. It was sent as a .pdf file. Inside the PDF there is a link that downloads a JS file. That file causes the computer encryption. When we scanned it on VirusTotal, most of the antivirus engines detected it as a virus. The question is: why was the Cisco ESA antivirus not able to catch it?

3 Replies

#Mat
Level 6

Hi Ccns90, are you using AMP? I suggest you contact TAC for help with analysis.

Mathew Huynh
Cisco Employee
Hey Ccns90,

There could be some variable factors, but I would suggest having a TAC case opened to have it looked into more deeply.
The Sophos engine + definition we run on the Cisco ESAs is a bit different from the Sophos Appliance/Endpoints results which you may see in VirusTotal.

However as #Mat has also shared, was AMP also used at the time of this file scan?

If the sample was marked clean by Sophos, it may be required to have that sample analyzed further on Cisco's end as well to find out what happened.

Regards,
Mathew

OK. I am going to open a case. Thanks.
