Karl

← Sophos Ideas

My feedback

An option to prevent execution of software from temporary locations

3 votes

Sign in
prestine
Sign in with: Log in with your Sophos ID
Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea

2 comments · Endpoint Protection » Malware prevention · Flag idea as inappropriate… · Delete… · Admin →
An error occurred while saving the comment

Karl commented · Mar 11, 2016

Today sophos will detect a executable launched from the temp directory or other suspect location. This as an indicator of compromise is taken into account when detecting malicious activity.

The ability to specifically prevent execution of code (EXE, DLL, JS, JBS, etc..) from select directories like $TEMP, or other commonly used workspaces where malware is often dropped is not currently available. This approach of creating a black list execution location with a white list for authorized business applications is under evaluation as part of the ongoing improvements for the endpoint protection software but is not in any committed roadmap.

Submitting...

Sign in with:

Log in with your Sophos ID

Searching…

No results.
Clear search results

Give feedback
- Cloud Optix 957 ideas
- Data Protection 127 ideas
- Endpoint Protection 1,272 ideas
- Firewall Management in Central 30 ideas
- Phish Threat 242 ideas
- Secure Web Gateway 369 ideas
- SG UTM 3,736 ideas
- Sophos Central 2,976 ideas
- Sophos Mobile 539 ideas
- XG Firewall 1,841 ideas
Sophos Features & Ideas Laboratory