Sus/Sality-A

Category	Suspicious behavior and files
Type	Suspicious behavior
What's been detected	Sus/Sality-A exhibits characteristics commonly, but not exclusively, found in malware.
What to do	If you've received an alert, then the detected file is likely to be malicious, but it's up to you to choose whether to trust the file or take other action.

Summary

Summary
Action
More Information


Affected operating systems	Windows
Included in our products from	December 2008 (4.36)
Protection available since	3 October 2008 22:49:55 (GMT)
Last updated	20 October 2008 20:13:33 (GMT)
Detected by	Sophos Anti-Virus for Windows, version 7

Action

Summary
Action
More Information

Your options

If you've received an alert, then you have 2 options:

authorize the file
send the file to the lab for analysis

Authorize the file if it's from a trusted source.

Send it to the lab for analysis if you:

do not trust the file
or believe it to be compromised in some way

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations. For more information, please read the knowledgebase article about deciding whether to allow or block a file.

Sending a file to the lab?

When you complete the sample submission form, please give a reason for your submission and mention this "HIPS/" detection.

More Information

Summary
Action
More Information

Sus/Sality-A is a file that displays characteristics or behavior typically associated with malware.

Sus/Sality-A is a file that may have been infected by W32/Sality-AM.

Please send a sample to Sophos support to assist in improving our technology.

Get reports about the latest suspicious behavior and file detections delivered to your computer