Threat Indicators

Threat indicators highlight suspicious files that Sophos hasn’t blocked but that you may want to investigate.

You can review threat indicators and take action as follows:

  1. Go to Overview > Threat Analysis Center and click Threat Indicators.
  2. On the Suspicious items tab, you see a list of files. For each file, the list shows:
    • Suspicion level: The probability that the file is malicious.
    • Executed: Whether the file has been executed.
    • Devices affected: The number of devices where the file has been seen.
  3. For more details about a file, click View details (on the right of the table). You can also:
    • Click the file's SHA-256 hash to search for more instances of the file on your network.
    • Click Generate threat case to do a more in-depth analysis of the file history.
  4. In the details pane, to make sure you have the latest analysis from Sophos, click Request latest intelligence.

    This sends the file to Sophos for analysis. If we have new information about the file's reputation and prevalence, you’ll see it here in a few minutes.

  5. When you have finished your analysis, you can take action.
    • If you believe the file is malicious, click Clean and block.
    • If you don't believe the file is malicious and don't want to take further action, click Dismiss. The file no longer shows in the threat indicators list.

    Clean and block prevents the suspicious applications from being accessed or run on your devices. The file is added to the Blocked Items list (in your Global Settings).

Actions you've taken are shown on the Actions taken tab.