Sophos detecting java.exe as ransomware
I strongly suspect this is a false positive, however, I thought I should mention that the instance of the java.exe file located in:
%installdirectory%\ManageEngine\ServiceDesk\jre\bin
triggered a CryptoGuard event within Sophos. We're running 14.7 Build 14700.
I received an email from the MDR team at Sophos with the following message:
activity triggered a CryptoGuard detection after a heuristic match using algorithms to detect mass rapid encryption of files by analyzing file contents and patterns. After further review, the MDR team has not identified any signs of encryption or ransomware attempting to be deployed. As this activity appears benign and no action is required, we will be resolving this case.
activity triggered a CryptoGuard detection after a heuristic match using algorithms to detect mass rapid encryption of files by analyzing file contents and patterns. After further review, the MDR team has not identified any signs of encryption or ransomware attempting to be deployed. As this activity appears benign and no action is required, we will be resolving this case.
It looks like they agree with my assessment. I thought you guys should know though.
Topic Participants
David Waller
Dinesh Bhaskaran
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?