Security analyses: Find SophosLabs data about viruses, spyware, suspicious behavior and files, adware, PUAs, and controlled applications and devices.
Files that are already executing and behaving questionably are detected as suspicious behavior, while files that look untrustworthy before they execute are detected as suspicious files.
In this section, you will find information about these two forms of detection. Files flagged as suspicious are likely to be malicious, but it's up to you to decide whether to trust them.
Runtime detection of suspicious behavior
Buffer overflow detection
We treat buffer overflows with suspicion, because they can be a form of run-time attack that enables malicious code to gain unauthorized access to a system. However, not all files or processes that overflow buffers are security risks.
If you are confident that the buffer overflow is not a threat, then authorize it. If you're unsure, then send the file to SophosLabs for analysis.
Pre-execution detection of suspicious files
- Sus/AutoInf-A
- Sus/AutoInf-B
- Sus/AVKill-B
- Sus/BadRar-A
- Sus/BanHosts-A
- Sus/Banker-D
- Sus/Banspy-A
- Sus/Behav-1000
- Sus/Behav-1001
- Sus/Behav-1002
- Sus/Behav-1003
- Sus/Behav-1004
- Sus/Behav-1005
- Sus/Behav-1006
- Sus/Behav-1007
- Sus/Behav-1008
- Sus/Behav-1009
- Sus/Behav-1010
- Sus/Behav-1011
- Sus/Behav-1012
- Sus/Behav-1013
- Sus/Behav-1014
- Sus/Behav-1015
- Sus/Behav-1016
- Sus/Behav-1017
- Sus/Behav-1018
- Sus/Behav-1019
- Sus/Behav-1020
- Sus/Behav-1021
- Sus/Behav-113
- Sus/Behav-129
- Sus/Behav-166
- Sus/Behav-168
- Sus/Behav-169
- Sus/Behav-192
- Sus/Behav-194
- Sus/Behav-200
- Sus/Behav-231
- Sus/Behav-237
- Sus/Behav-238
- Sus/Behav-239
- Sus/Behav-258
- Sus/Behav-269
- Sus/Behav-272
- Sus/Behav-273
- Sus/Behav-277
- Sus/Behav-278
- Sus/Behav-282
- Sus/Behav-289
- Sus/Behav-292
- Sus/Behav-297
- Sus/BHO-G
- Sus/BHO-L
- Sus/Cazcan-A
- Sus/ComPack
- Sus/ComPack-B
- Sus/ComPack-C
- Sus/ComPack-D
- Sus/ComPack-E
- Sus/ComPack-F
- Sus/ComPack-G
- Sus/Compack-H
- Sus/ComPack-I
- Sus/ComPack-J
- Sus/ComPack-K
- Sus/Dbot-A
- Sus/Dbot-B
- Sus/Delf-J
- Sus/DelpDldr-A
- Sus/DialerGen-A
- Sus/DOSCom-A
- Sus/Dropper-A
- Sus/Dropper-AE
- Sus/Dropper-R
- Sus/Emogen-AB
- Sus/Emogen-J
- Sus/Emogen-W
- Sus/Emogen-X
- Sus/EncPk-FA
- Sus/EncPk-FL
- Sus/EncPk-FV
- Sus/FakeVir-F
- Sus/Feebsesk-A
- Sus/Flake-A
- Sus/HookQSI-A
- Sus/Iframe-G
- Sus/Iframe-J
- Sus/Iframe-K
- Sus/Impy-A
- Sus/Inject-C
- Sus/Keygen-A
- Sus/Madcode-A
- Sus/Malware-A
- Sus/Malware-B
- Sus/Malware-C
- Sus/Mdrop-C
- Sus/Mdrop-H
- Sus/Mdrop-J
- Sus/ObfJS-AU
- Sus/ObfJS-BD
- Sus/ObfJS-BF
- Sus/ObfJS-BG
- Sus/ObfJS-BI
- Sus/ObfJS-BK
- Sus/ObfJS-BL
- Sus/ObfJS-BM
- Sus/ObfJS-BP
- Sus/Parasit-A
- Sus/Plaost-A
- Sus/RarHosts-A
- Sus/Sality-A
- Sus/Spy-B
- Sus/SWFScene-A
- Sus/TinyDL-G
- Sus/Uddo-B
- Sus/UnkPacker
- Sus/VB-H
- Sus/VBDWN-J
- Sus/Veneb-B
- Sus/Virtum-B
- Sus/Zirit-A
- Sus/Zlob-O
- Sus/ZlobInst-A
