Karl

← Sophos Ideas

My feedback

An option to prevent execution of software from temporary locations

3 votes

Sign in
prestine
Sign in with Log in with your Sophos ID
Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

2 comments · Endpoint Protection » Malware prevention · Flag idea as inappropriate… · Delete… · Admin →
An error occurred while saving the comment

Karl commented · Mar 11, 2016

Today sophos will detect a executable launched from the temp directory or other suspect location. This as an indicator of compromise is taken into account when detecting malicious activity.

The ability to specifically prevent execution of code (EXE, DLL, JS, JBS, etc..) from select directories like $TEMP, or other commonly used workspaces where malware is often dropped is not currently available. This approach of creating a black list execution location with a white list for authorized business applications is under evaluation as part of the ongoing improvements for the endpoint protection software but is not in any committed roadmap.

Submitting...

Sign in with Log in with your Sophos ID

Searching…

No results.
Clear search results

Give feedback
- Cloud Optix 957 ideas
- Data Protection 119 ideas
- Endpoint Protection 1,251 ideas
- Firewall Management in Central 26 ideas
- Phish Threat 237 ideas
- Secure Web Gateway 376 ideas
- SG UTM 3,744 ideas
- Sophos Central 2,775 ideas
- Sophos Mobile 529 ideas
- XG Firewall 1,719 ideas
Sophos Features & Ideas Laboratory