I was looking for some answer in regards to Exploit Events, Sophos Clean on Enterprise and Sophos Clean Licencing
Firstly, I've rolled out Exploit to some test machines, one of the machines is shown to have some exploits in the event area on the Enterprise console. There is nothing to be cleaned within the resolve alerts and errors section of this machine. Does this mean that Exploit count in the Events page are false positives? Ive copied a screen shot, however its not the clearest to see
Secondly, is Sophos Clean an Automated or a manual process when using from the enterprise console? Ive seen on Sophos Central that Sophos Clean is Automated when a Exploit happens?
Lastly, i'll be running Sophos clean from shared location. Im assuming at each time ran, I'll have to enter the activation key? Or do you recommend rolling Sophos Clean out to all endpoints and having this as managed application
Exploit Prevention monitors running processes, in other words it detects a crime in progress and acts immediately. Thus there is nothing to clean or resolve afterwards. The count represents actual interventions.
Sophos Clean can (not?) yet be managed from the Console. While it is installed together with EXP and CryptoGuard it has to be activated and configured individually on the endpoints. If you run it from the shared location you have the option to also install it on the endpoint. Note that you can activate (i.e. enter the license key) using the command line.