Threat Analysis Center / Detections: "Vulnerability SRP path rules missing" caused by MDR checks

The detections section in Threat Analysis Center is filling with many of these events caused by MDR checks.
SRP seems to be related to Microsoft Software Restriction Policies.
What is the intention of this check?
"COMPLIANCE-SRP-DISALLOWED-PATHS"



This thread was automatically locked due to age.
  • "detections identify activity on your devices that's unusual or suspicious but hasn't been blocked. They're different from events where we detect and block activity that we already know to be malicious." Sadly you don't get any information via support. The reason is simple, they want to sell MDR ;-)

  • After raising your concerns to our teams internally, I was informed that the detections related to Software Restriction Policies will be disabled in an upcoming release.

    Kushal Lakhan
    Team Lead, Global Community Support
  • That is very good news, thank you.

    We do understand that when looking at the 'detections' we're kind of looking "under the hood" of the Sophos engine and many detections are just observations (like a changed user, password incorrect, etc.) and are mainly for MDR purposes. But, especially with the new user-friendly dashboard graphs, end users can also keep a better eye on their environment (even those with MDR). If these 'medium' alerts will be gone (or informational) in the future, the view will be so much clearer.

    Thanks!