Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=exploits

Deal with exploits

This is what happens when we detect an exploit.

If you know a detection is a false positive, see Deal with false positives.

When an exploit is detected, the following things happen:

  • The exploit is stopped.
  • The user is notified.
  • A scan checks all processes in memory for suspicious behavior.
  • A threat graph is generated.

What you should do

Go to Threat Analysis Center > Threat Graphs and review the graph details to find out where the attack started, how it spread, and which processes or files it affected.

Often a user has downloaded or authorized an application that gave an attacker access. To avoid this, give users training in safe browsing.