Thread Info
  • State Verified Answer
  • +5 person also asked this people also asked this
  • Locked Locked
  • Replies 13 replies
  • Subscribers 20 subscribers
  • Views 9953 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Threat Analysis Center / Detections: "Vulnerability SRP path rules missing" caused by MDR checks

LHerzog
The detections section in Threat Analysis Center is filling with many of these events caused by MDR checks.
SRP seems to be related to Microsoft Software Restriction Policies.
What is the intension of this check?
"COMPLIANCE-SRP-DISALLOWED-PATHS"



This thread was automatically locked due to age.
  • 0 in reply to Speedfish

    "detections identify activity on your devices that's unusual or suspicious but hasn't been blocked. They're different from events where we detect and block activity that we already know to be malicious." Sadly you dont get any information via support. The reason is simple, they want to sell MDR ;-)

  • +3 in reply to JeroenD

    After raising your concerns to our teams internally, I was informed that the detections related to Software Restriction Policies will be disabled in an upcoming release.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    That is very good news, thank you.

    We do understand that when looking at the 'detections' we're kind of looking "under the hood" of the Sophos engine and many detections are just observations (like a changed user, password incorrect, etc) and are mainly for MDR purposes. But, especially with the new user friendly dashboard graphs, end users can also keep a better eye on their environment (even those with MDR). If these 'medium' alerts will be gone (or informational) in the future, the view will be so much clearer.

    Thanks!

Unfiltered HTML