This discussion has been locked.

Add an exception for "Network Threat Protection"

Hi guys,

On our Windows 10 clients we are using Sophos Intercept X Advanced, managed in Central.

We are having some problems when using a specific VPN client (ShrewSoft). After some testing we were able to figure out that "Network Threat Protection" is blocking the application. If we switch NTP off then everything is working fine.

I did quite some research and googling but unfortunately couldn't figure out how to add an exception for an application in NTP.

Any help is appreciated!

Thanks in advance!



  • It is worth mentioning, the NTP component has a few features.

    • IPS
    • Web Protection and Control (in the new endpoint version, i.e. the one without SAVService.exe which is part of SAV)
    • Heartbeat
    • C2 connection.

    If you make a real-time scanning exclusion for, say, "C:\test\test.exe" in the Threat protection policy (or global exclusions), then this will be picked up by NTP. This process will not be checked for connections to command and control servers. You will see the entry in "C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\Policy.xml" on the client. Does that help?

  • Yes that helps! Thanks a lot! :-)

  • Hi again, I have a follow-up question. How can we completely disable NTP? I already tried to disable several functions in Central but NTP keeps running. Which policy/setting do I need to change to switch it off?

    Thanks in advance!

  • As per Sophos' recommended configuration, NTP should be enabled by default. Turning off either one of the components beats the purpose of having endpoint protection in your system. However, you can turn off the said components by toggling to the Endpoint UI and turning off the NTP manually. Note that Sophos may not take responsibility for any issues after performing the said action, especially when you get hit by any attack.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids