I know about the SophosTester, HighScore, FakeDrop, sophostest.com and MTD.vbs.
How can we test the IPS and how should an IPS detection look like?
I know about the SophosTester, HighScore, FakeDrop, sophostest.com and MTD.vbs.
How can we test the IPS and how should an IPS detection look like?
What about if the test doesn't trigger any detection?
I've disabled the windows firewall, tried the script both without argument and in server mode.
I can see the connection coming in like "nc" style on the sever side. No alert on sophos endpoint
The version installed is:
Thanks
Hi Fabio, that is really weird. You seem to have to correct Core Agent version.
There are two obvious things we can check:
Vince
Hi Vincent,
the machine was added to eap list of machine partecipating. I though the "BETA" version in the core agent line was exactly stating that.
The screenshot has been taken exactly from that machine. why are you saying "if that screenshot is from the client that doesn't do the detection, then that seems to be the case"?
The ips feature was not changed as tamper protection is in place. Anyway, I've checked and it appears to be in place.
BR
fabio
Hi Fabio,
Thanks for your answer!
As for the IPS setting, I was referring to the setting in Central. It is possible you've disabled it here:
I will check what we can do, and will come back to you.
Vince
Hi Fabio,
I've sent you a PM.
Vince
Hi Fabio,
I've sent you a PM.
Vince