Hi, I'm using a laptop from our company and there's a Sophos installed. I'm currently working from home and I'm wondering, can Sophos detect any software that I install even if I'm not on the company network?
It depends on the components/version of Sophos installed.
Is it the Sophos Central client or is it the on-premise Sophos Enterprise Console (SEC) managed client?
If you run services.msc and there is a Sophos MCS Client service then it is Sophos Central, if there is a Sophos Message Router service it is on-premise SEC managed.
If you have the EDR component installed (Sophos Central only) the admin can perform queries, such as listing all the applications installed for example.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\EventJournal\Features\EDR
Enabled = 1 would mean EDR is enabled.
They can also get an admin command prompt to the computer via Live Response, from that they could do anything. This would be Sophos Central only.
Application Control, is another feature which is designed to block alert to certain applications. For example, I could block in the browser category Firefox. If you ran Firefox the admin would get an alert for example. This is Sophos Central and on-premise - SEC managed.
Hi, I checked my services and there's a Sophos MCS Client service. How to know if there's an EDR component installed?
Use Regedit to check the edr key I mentioned. Thanks