I know about the SophosTester, HighScore, FakeDrop, sophostest.com and MTD.vbs.
How can we test the IPS, and what should an IPS detection look like?
Excellent question. I will post an article on how to test IPS later today.
See https://community.sophos.com/products/intercept/early-access-program/f/recommended-reads/116135/how-to-test-ips for how to test IPS.
What about if the test doesn't trigger any detection?
I've disabled the Windows Firewall and tried the script both without an argument and in server mode. I can see the connection coming in, "nc" style, on the server side. No alert on the Sophos endpoint.
The version installed is:
Hi Fabio, that is really weird. You seem to have the correct Core Agent version.
There are two obvious things we can check:
The machine was added to the EAP list of participating machines. I thought the "BETA" version in the Core Agent line was stating exactly that.
The screenshot was taken from exactly that machine. Why are you saying "if that screenshot is from the client that doesn't do the detection, then that seems to be the case"?
The IPS feature was not changed, as tamper protection is in place. Anyway, I've checked and it appears to be in place.
Thanks for your answer!
As for the IPS setting, I was referring to the setting in Central. It is possible you've disabled it here:
I will check what we can do, and will come back to you.
That makes sense, but unfortunately that's not the problem:
Any other ideas?
I've sent you a PM.
Please can you advise which OS you are running on the machine in question?
Hi Stephen, sure. Here it is: