Beginner

Cisco esa SOPHOS

Dear all. Today we got a virus like WannaCry that encrypts entire files on computers. It was sent as a .pdf file. Inside the PDF there is a link that downloads a JS file. That file causes the computer encryption. When we scanned it on VirusTotal, most of the antivirus engines found it as a VIRUS. The question is: why is the Cisco ESA antivirus not able to catch it?

3 REPLIES
Frequent Contributor

Re: Cisco esa SOPHOS

Hi Ccns90, are you using AMP? I suggest you contact TAC for help with analysis.

Cisco Employee

Re: Cisco esa SOPHOS

Hey Ccns90,

There could be some variable factors, but I would suggest having a TAC case opened to have it looked into more deeply.
The Sophos engine + definition we run on the Cisco ESAs is a bit different from the Sophos Appliance/Endpoint results which you may see in VirusTotal.

However, as #Mat has also shared, was AMP also used at the time of this file scan?

If the sample was marked clean by Sophos, it may be required to have that sample analyzed further on Cisco's end as well to find out what happened.

Regards,
Mathew
Beginner

Re: Cisco esa SOPHOS

OK. I am going to open a case. Thanks.
