Dealing with False Positives in general

Hi,

we were also affected by the false positive last week. At last it has been fixed. But I was wondering if Sophos would consider improving the remote control abilities for the clients from the SEC.

Things like the following came to my mind:

  1. disable Sophos entirely on the endpoints (stopping, starting Sophos services),
  2. just copy the necessary program files like the VBS script provided by Sophos does,
  3. improving the deploy/redeploy process, i.e. if anything went wrong with the installation process on the endpoint, Sophos just stops deploying. What about a forced uninstall (see the fixit tool of MS for resolving uninstall issues; I had to use it several times to forcibly uninstall Sophos to redeploy it) regardless of a broken installation?
  4. Maybe a check if the necessary services (remote registry, task scheduler...) are running; if not, try to start them remotely from the SEC.

Just thoughts.

Regards

Marcus Deubel

  • Hello SMI, sorry about the trouble you have had, and I am glad that you have resolved your current issues. I will pass that on to our product managers; if you could pass that back to your sales rep as well, then it will at least get tracked to a specific customer.
