Advisory: Sophos Endpoint - "Your connection isn't private." Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

Hello Everyone, I have tryied to search about this in the forum but couldn't find anything.

My scenario is  : XGS2100 Xstream protection + Endpoints with advanced Threat protection.

I keep receiving this two alerts but I have tried to see what to do and cannot undestand where is the cause.

In Sophos Central i find "root cause cannot be identified".

Process involved is windows powersheel but in traffic graphing there is nothing showing.

Notification that arrives from central says that it was impossible to remove the threat but if I log into the client and check sophos endpoint it says that threat has been removed.

did anybody encounter same behaviour?

thanks in advance

regards



Updated the tags
[edited by: Gladys at 9:20 AM (GMT -8) on 2 Jan 2024]