How to quit on Mac OS

Hello,

I have the problem that one of our consultants is using a MacBook with macOS Catalina 10.15.3 and, for troubleshooting purposes, must / wants to quit Intercept X Advanced.
If he now clicks on "Quit", the Sophos Agent will restart itself, even if tamper protection is disabled.

He is using:

  • Sophos Central Intercept X Advanced
  • Product version : 9.9.6
  • Engine version : 3.77.1
  • Virus data version : 5.73
  • User interface version : 2.07.377
  • Platform : Darwin/AMD64
  • Released : 03 March 2020

We're currently running the SDU, if you need specific log files please let me know.



This thread was automatically locked due to age.
  • Hi  

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hi 
    Hi 

    Thank you for trying to help out.

    First, you have to know that we are an IT Service-Provider, so there are situations where no software should interfere in our business processes and tasks when being on our customers' site.
    Second, it's only possible to stop the specific components by disabling the policy inside Intercept X for max. 4 hours. The software itself cannot be "stopped". It would be a bit of a hassle to uninstall and reinstall the software every time you want to check if a problem can be fixed by doing so.

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

    As I wrote in my first post, our problem is an internal one. An employee of mine (IT Consultant) simply wants to have the ability to terminate the Endpoint Protection. Nevertheless, here is the requested screenshot:

    When he hits "Sophos Endpoint beenden" (means "Quit Sophos Endpoint"), the software quits and restarts immediately. This is usually okay, since users should not be able to simply terminate Endpoint Protection. But even if tamper protection is deactivated, we are not able to shut down the software completely. This is a bit critical in an IT company like ours. [:S]

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest

  • Hi  

    I can understand that this type of scenario might be business-critical for your organization. At the moment, it is only possible to turn off the protection features by unchecking all the features in the endpoint menu after entering the tamper protection password, and it is not possible to "pause" or "disable" all the processes/services of the endpoint for a specific time. You can try creating a new policy for such devices on Sophos Central and then, when needed, turn off all the protection features for this policy.

    This means that the endpoint is still tamper protected and you don't have to worry about it timing out after 4 hours. When all the protection features are turned off from Sophos Central/locally by unchecking the boxes, the endpoint should not interfere with the other applications/processes. Have you tried creating exclusions for these applications/processes? 

    Thanks,
    Yashraj Singha
    Manager | Global Community Support