HIPS/RegMod-008

Category	Suspicious behavior and files
Type	Suspicious behavior
What's been detected	Runtime behaviour alerts of this type inform the user that an attempt has been made to modify registry entries that affect system security features such as a firewall or anti-virus software. Any unathorised changes to these settings could put the computer or network at risk of attack.
What to do	If you've received an alert, a detected file is likely to be malicious, but it's up to you to choose whether to trust the file or take other action.

Summary

Summary
Action
More Information


Affected operating systems	Windows
Detected by	Sophos Anti-Virus for Windows, version 7

Action

Summary
Action
More Information

Your options

If you've received an alert, then you have 2 options:

authorize the file
send the file to the lab for analysis

Authorize the file if it's from a trusted source.

Send it to the lab for analysis if:

you trust the file, but it generates alerts.
you don't trust the file

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Sending a file to the lab?

When you complete the sample submission form, please give a reason for your submission and mention this "HIPS/" detection.

More Information

Summary
Action
More Information

Runtime behaviour alerts of this type inform the user that an attempt has been made to modify registry entries that affect system security features such as a firewall or anti-virus software. Any unathorised changes to these settings could put the computer or network at risk of attack.

Get reports about the latest suspicious behavior and file detections delivered to your computer