Sophos Ideas

Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Karl

← Sophos Ideas

My feedback

  1. An option to prevent execution of software from temporary locations

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Endpoint Protection » Malware prevention  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Karl commented  · 

    Today sophos will detect a executable launched from the temp directory or other suspect location. This as an indicator of compromise is taken into account when detecting malicious activity.

    The ability to specifically prevent execution of code (EXE, DLL, JS, JBS, etc..) from select directories like $TEMP, or other commonly used workspaces where malware is often dropped is not currently available. This approach of creating a black list execution location with a white list for authorized business applications is under evaluation as part of the ongoing improvements for the endpoint protection software but is not in any committed roadmap.

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.