This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to quit on Mac OS

Hello,

I have the problem that one of our consultants is using a Mac Book with MacOS Catalina 10.15.3 and for troubleshooting purposes must / wants to quit Intercept X Advanced.
If he now clicks on "Quit", the Sophos Agent will restart itself. Even if tamper protection is disabled.

He is using:

  • Sophos Central Intercept X Advanced
  • Product version : 9.9.6
  • Engine version : 3.77.1
  • Virus data version : 5.73
  • User interface version : 2.07.377
  • Platform : Darwin/AMD64
  • Released : 03 March 2020

We're currently running the SDU, if you need specific log files please let me know.



This thread was automatically locked due to age.
Parents
  • Hi  

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

     

  • Hi 
    Hi 

    thank you for trying to help out.

    First, you have to know that we are an IT Service-Provider, so there are situations where no software should interfere in our business processes and tasks when being on our customers' site.
    Second, it's only possible to stop the specific components by disabling the policy inside Intercept X for max. 4 hours. The software itself cannot be "stopped". It would be a bit of a hassle to uninstall and reinstall the software every time you want to check if a problem can be fixed by doing so.

    Could you please provide the screenshot where the customer is able to see the message to "Quit" Intercept X. As suggested by  you can unassign the software for that particular machine so that it will be uninstalled. 

    As I wrote in my first post, our problem is an internal one. An employee of mine (IT Consultant) simply wants to have the ability to terminate the Endpoint Protection. Nevertheless here is the requested screenshot:

    When he hit "Sophos Endpoint beenden" (means "Quit Sophos Endpoint"), the software quits and restarts immediatly. This is usually okay, since users should not be able to simply terminate Endpoint Protection. But even if tamper protection is deactivated, we are not able to shut down the software completely. This is a bit critical in an IT company like ours. [:S]

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest
    If a post solves your question use the 'Verify Answer' link

  • Hi  

    I can understand that this type of scenario might be business-critical for your organization. At the moment, it is only possible to turn off the protection features by unchecking all the features in the endpoint menu after entering the tamper protection password and it is not possible to "pause" or "disable" the all the processes/services of the endpoint for a specific time. You can try creating a new policy for such devices on Sophos Central and then when needed, turn off all the protection features for this policy. 

    This means that the endpoint is still tamper protected and you don't have to worry about it timing out after 4 hours. When all the protection features are turned off from Sophos Central/locally by unchecking the boxes, the endpoint should not interfere with the other applications/processes. Have you tried creating exclusions for these applications/processes? 

    Thanks,

    Yashraj Singha

    Community Team Lead, Support & Services| Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  •  

    thank you very much for your kind reply.

    Currently, everything works without us having to stop all the services, so thanks for your information. We'll try to use the "unchecking features" option if anything will occur. However, in the future, even with Sophos products, it is possible that technical problems may occur with both MacOS and Windows. If you could forward the case to the Intercept X Dev-Team I would be pleased, maybe they'll add the "Quit Sophos" (all Sophos Services) option to one of your next major releases. [;)]

    Thanks and best regards

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest
    If a post solves your question use the 'Verify Answer' link

  • Hi  

    Sure, You can provide your suggestions through feature request on this website. This portal is for the feature requests which customer wants to have in the product.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi  

    I am happy to know that I was able to help you. I can see how some people might consider turning off services and processes for a specific time useful, but at the moment, you can only disable Sophos protection features and not services. So, as  suggested, please raise a feature request here: https://ideas.sophos.com/forums/428821-sophos-central

    Thanks,

    Yashraj Singha

    Community Team Lead, Support & Services| Sophos Technical Support
    Support Videos | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • Done,

    you can find it here: https://ideas.sophos.com/forums/428821-sophos-central/suggestions/39963637-ability-to-stop-terminate-quit-applications-and-se

    I hope the dev team will see it.
    Thanks again for your help!

    Cheers

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 18.0.3 MR-3
    Intercept X Advanced (for Server) with EDR EAP latest
    If a post solves your question use the 'Verify Answer' link

Reply Children
No Data