Sophos shows Mal/Behav-053 in evidence boc.file

Sophos Anti-Virus = 6.5.7
Release status = Full
Threat detection engine = 2.47.0

i received a notification from sophos that Mal/Behav-053 had been found in C:/Documents and Settings\Users\Application Data\BOC424\evidence.boc i would guess that this is a false positive especially given BOC reputation,
My Threat identity files are updated hourly from my workplace and this threat has been protected by sophos since May but my computer only picked up the “threat” in a scan today


Hi rhys, welcome to the forum :slight_smile:

I think you should report this to Sophos so that they can fix it.

Greetz, Red.

i don’t think it is a false-positive… what sophos is flagging is a copy of some malware that BOC has removed, but saved a a copy of, as “evidence.boc”… all that you would have to do to allow the malware to run would be to restore the original file extension…

in BOC’s “configuration”, you can disable the option for “keep copy of trojan as evidence”… otherwise, you have your “copy of trojan”, “evidence.boc”, which sophos is flagging…