
Sophos - Quarantine - No rights

Posted: Sun Oct 17, 2010 12:08 am
by greenwoodkl
I just updated our clerk computer from Symantec to Sophos. After a long update period and a reboot, it did a scan. It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible, I'll check that at Church later. However, it said I did not have rights to take any action against the files. The computer only has two accounts listed in the Control Panel - CLERK and Guest and CLERK is an Administrator account. Do I just leave those files in Quarantine forever? Is it a random quirk?

Posted: Sun Oct 17, 2010 7:36 am
by russellhltn
kgthunder wrote:It found a file: C:\WINDOWS\service.exe that it quarantined for containing two viruses. I did not see the file in C:\WINDOWS but in hindsight I didn't verify hidden files were visible,
I'd think you wouldn't see them because they've been moved to quarantine. A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.
kgthunder wrote:However, it said I did not have rights to take any action against the files. [...] Do I just leave those files in Quarantine forever? Is it a random quirk?
It's not random, but it's unclear if that's policy or not. As such, I hesitate to explain how to fix that, as it may be construed as "Methods for circumventing Church policies or security mechanisms", which is prohibited. As long as it doesn't keep complaining about those quarantined files, I don't see a problem with leaving them there.

Posted: Wed Oct 20, 2010 9:00 am
by scgallafent
RussellHltn wrote:A quick look at my home machine running XP Pro doesn't show any "service.exe" file in the C:\Windows directory. Nor do I find that file in any subdirectory.
You won't find it (unless you've got the infection). There is a file in \Windows\System32 called services.exe.

This is a technique used to make the infection look almost legitimate. From the virus writer's standpoint, this serves to either look important enough that a typical user won't touch it or be close enough to a legitimate file that an experienced user looks at it and misses the slight discrepancy.
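The lookalike trick described in the post above (service.exe next to the real services.exe) can be hunted for mechanically. The following is an added example, not code from any of the posters or from Sophos: it takes a list of file paths, compares each basename against a short table of commonly imitated Windows system binaries, and flags two things, a name that is a small edit away from a legitimate one (service.exe, svch0st.exe) and a legitimate name sitting in a directory where that binary does not belong. The table of binaries and their expected directories, and the sample paths, are constructed for the example; the real infection would of course not stay at its original path once quarantined.

```python
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Legitimate Windows binaries that malware commonly imitates, mapped to the
# directories (compared case-insensitively) where the real file lives.
# Illustrative table for this example, not an exhaustive list.
KNOWN_SYSTEM_BINARIES = {
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe":    {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


@dataclass
class Finding:
    path: str          # the suspicious file
    lookalike_of: str  # the legitimate binary it resembles
    reason: str        # why it was flagged


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_path(path: str, max_distance: int = 2) -> Optional[Finding]:
    """Return a Finding if the path looks like it is imitating a system binary."""
    name = ntpath.basename(path).lower()
    directory = ntpath.dirname(path).lower()

    # Exact name match: the only question is whether it lives where it should.
    if name in KNOWN_SYSTEM_BINARIES:
        if directory in KNOWN_SYSTEM_BINARIES[name]:
            return None
        return Finding(path, name, f"legitimate name outside its expected directory ({directory})")

    # Otherwise look for a near-miss spelling (service.exe, svch0st.exe, scvhost.exe ...).
    closest = min(KNOWN_SYSTEM_BINARIES, key=lambda legit: edit_distance(name, legit))
    distance = edit_distance(name, closest)
    if 0 < distance <= max_distance:
        return Finding(path, closest, f"name is {distance} edit(s) away from {closest}")
    return None


def scan(paths: List[str]) -> List[Finding]:
    """Run check_path over a list of paths and keep only the hits."""
    return [f for f in (check_path(p) for p in paths) if f is not None]


# Constructed sample input: the path from the thread plus a few variations.
SAMPLE_PATHS = [
    r"C:\WINDOWS\service.exe",                        # the case in the thread
    r"C:\Windows\System32\services.exe",              # the real thing
    r"C:\Windows\svch0st.exe",                        # zero for o
    r"C:\Users\CLERK\AppData\Local\Temp\lsass.exe",   # right name, wrong place
    r"C:\Windows\System32\notepad.exe",               # unrelated, should not match
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_PATHS):
        print(f"{finding.path}: {finding.reason}")
```

The edit-distance threshold of 2 catches one-character additions, substitutions and transpositions without tripping on unrelated names, but it is only a naming heuristic. A file with the correct name in the correct directory passes this check, so the real verification of a system binary is its hash or Authenticode signature, which is what the antivirus scanner itself relies on.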