Su-repair.exe


James Gillock

Aug 4, 2024, 11:35:08 PM
to riousibdefi
Su-repair.exe is a file associated with Sophos Ltd, a software company that specializes in security products.

This particular file is known to be a part of the Sophos Update Repair tool, which is used to repair and fix issues related to updating Sophos security software. When users encounter problems with updating their Sophos products, they can run su-repair.exe to identify and resolve any issues that may be causing the updates to fail. The tool is designed to ensure that Sophos security software remains up-to-date and fully functional, providing users with the latest protection against cybersecurity threats.




How do we know? Our SpyShelter cybersecurity labs focus on monitoring different types of Windows PC executables and their behaviors for our popular SpyShelter Antispyware software. Learn more about us, and how our cybersecurity team studies Windows PC executables/processes.


The publisher of an executable is the entity responsible for its distribution and authenticity. Most processes/executables on your PC should be signed. The signature on the executable should have been verified through a third party whose job it is to make sure the entity is who it says it is. Find an unsigned executable? You should consider scanning any completely unsigned .exe on your PC.


I have added the SophosLaunchUpdate.exe, Sophosupdate.exe, su-repair.exe, su-setup32.exe, su-setup64.exe and Sophossetup.exe to our allowed elevated privileges to help Sophos Central Endpoint to work, but something is still missing when it comes to Sophos File Scanner being able to update itself.


I believe I can see in the SFS log where it tries to set Tamper Protection to off, but I don't think this is happening for our devices. The Pipe timeout is already set for 120000, so that won't be our issue. I believe it to be in the SFS update process not having elevated privileges itself or as dependent process that spawns and runs the update does not have elevated privileges.
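
Added example, not part of the original post and not Sophos or SpyShelter code: a PowerShell check of the signature and publisher of each executable named above, run before granting it elevated privileges. The search folder and the expected publisher string are assumptions; replace the placeholder path with the real install directory.

```powershell
param(
    # Assumption: placeholder folder, replace with the actual install directory.
    [string]$SearchRoot = 'C:\Path\To\Sophos',
    # Assumption: text expected somewhere in the signer certificate subject.
    [string]$ExpectedPublisher = 'Sophos'
)

# File names taken from the post above.
$names = 'SophosLaunchUpdate.exe', 'Sophosupdate.exe', 'su-repair.exe',
         'su-setup32.exe', 'su-setup64.exe', 'Sophossetup.exe'

$results = foreach ($name in $names) {
    $found = Get-ChildItem -Path $SearchRoot -Filter $name -Recurse -File -ErrorAction SilentlyContinue
    if (-not $found) {
        # Nothing on disk with this name: report it rather than skipping silently.
        [pscustomobject]@{ Name = $name; Path = $null; Status = 'NotFound'
                           Signer = $null; SHA256 = $null; Verdict = 'Missing' }
        continue
    }
    foreach ($file in $found) {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # A valid signature only proves that someone signed the file;
        # the subject check asks whether it was the publisher you expect.
        # Substring matching is coarse: pin the certificate thumbprint for stricter control.
        $verdict = if ($sig.Status -ne 'Valid') {
            'Review: signature not valid'
        } elseif ($subject -notlike "*$ExpectedPublisher*") {
            'Review: unexpected publisher'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Name    = $name
            Path    = $file.FullName
            Status  = $sig.Status
            Signer  = $subject
            SHA256  = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
            Verdict = $verdict
        }
    }
}

$results | Format-List
```

Allow-listing by full path plus the recorded hash or signer, rather than by file name alone, keeps a same-named file in another folder from inheriting the elevation.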
