Some cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.
We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site.
To control third party cookies, you can also adjust your browser settings.
Files that are already executing and behaving questionably are detected as suspicious behavior, while files that look untrustworthy before they execute are detected as suspicious files.
In this section, you will find information about these two forms of detection. Files flagged as suspicious are likely to be malicious, but it's up to you to decide whether to trust them.
Runtime detection of suspicious behavior
We treat buffer overflows with suspicion, because they can be a form of run-time attack that enables malicious code to gain unauthorized access to a system. However, not all files or processes that overflow buffers are security risks.
If you are confident that the buffer overflow is not a threat, then
authorize it. If you're unsure, then send the file
to SophosLabs for analysis.
Pre-execution detection of suspicious files
If you're unsure about the status of a file, send the file to SophosLabs for analysis.
Submit a sample
Try Sophos products for freeDownload now
Free business-grade security for the home.
Our top 10 predictions for security threats in 2016
Get the report
Sophos Ltd. All rights reserved.