• Controlled/blocked applications are showing up in the list of Allowed Applications - Sophos Central.

    I am testing the Sophos endpoint protection EAP, and have synchronized application control enabled. I am having an issue where all the controlled applications that are set to blocked are showing up as allowed, even applications I do not use, such as remote…
  • Digital Certificate on Browser

    Hi everyone, I'm having trouble using the certificates we have installed in browsers to authenticate to some web services. The endpoint is blocking usage, making usage impossible. Has anyone gone through something similar?
  • Can endpoint defense now intercept DSyscall process injection?

    I found that HMPA can already intercept, but Sophos doesn't seem to have fusion rules yet.
  • The Chinese characters in the notification on the Windows 10 Chinese system are garbled

    This error occurs in all notifications, not in specific cases
  • Trigger a Message using Sophos Endpoint

    Due to a requirement of devices not on Asset inventory need to broadcast a message to ENDPOINT users who are using the systems. Is there a way to trigger such a custom message?
  • DBJammer Ransomware on SQL Servers - EDR Queries if any?

    06961063 / Detection for dbjammer Ransomware / ref:_00D301GN6a._5003Z1bh7RS:ref https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/ Securonix…
  • Allow files downloaded from specific website or product name from such executable

    Hello, A client of ours has to download updates from their ERP software regularly and recently Sophos Endpoint has begun flagging it as a PUA, we allowed the hash on the global exclusions, but as we know, each update would have a different hash. Is…
  • SSL/TLS inspection in Endpoint--Threat Detection settings vs. deployment of the CA manually into the certificate store?

    I am testing the Sophos Intercept X Endpoint Beta and noticed the settings in Threat Protection for SSL/TLS inspection. If I already have HTTPS scanning enabled in the firewall rule and the CA is deployed on the endpoint into the trusted certificate…
  • pt testing and no notification

    Hi, One of our customers did a pen test. They ran Nesson, port scan and all kinds of queries, in the Sophos portal nothing in the logs or in the detection. Man in the middle, nothing from the Sophos and nothing in the logs. Maybe there is a problem…
  • Endpoint client installation refusal on Windows 7

    I have Windows seven machines that are refusing the endpoint client installation. The error message is license is invalid. Is there any way we can install the client without changing the operating system to Windows ten?
  • Installation issue

    2023-08-26T12:10:58.7029144Z INFO : Set security protocol: 00000800 2023-08-26T12:10:58.7029144Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com 2023-08-26T12:10:58.7029144Z INFO : Sending request for connection confirmation…
  • Core Agent report Sophos Central

    Hi, How to generate a report of Core Agent version of all devices? Excel or CSV, do not mind
  • No access to URL once unlocked

    Hello I will have been looking at the Sophos Endpoint panel for around 3-4 hours for a web page that I have included in the website management list, to say that I have tried others and it does enable them, but in the case of the one indicated there…
  • chromedriver ransomware alert

    Hello, One of our machines is generating these alerts when a user is trying to run automations on the chromedriver. It says ransomware detected. CryptoGuard trying to encrypt files. Can someone please assist or have experienced the same. Let me know what…
  • Hollow Process and VMware ThinApp

    Hi, I have an application created using VMware ThinApp. Something like a portable application. The last few days I have been getting the application blocked on HollowProcess. Unfortunately the application is quite important for me and I need to run…
  • Installation failed : IsWow64Process2 not available on older platforms

    Hello there, I'm trying to install the Sophos Client on a Server 2016 and I'm getting this error (short): Installation failed : IsWow64Process2 not available on older platforms On an older thread I found this solution: mkdir C:\digicerttemp …
  • How to find the IP address ranges used by Amazon

    I have a production environment in AWS and I have allowed every URL the Sophos manual tells me to in order to update the agents, but they do not update. I have to allow all HTTPS traffic for them to update, but my internal policies, due to the type of business…
  • Eagle was misreported as ransomware

    I was importing images and Eagle was terminated by HMPA. Eagle - an essential tool for collecting and managing images
  • Will there be a local independent firewall in the future?

  • Some HMPA rules are not yet found on Sophos. When will it be fully integrated?

    Some HMPA rules are not yet found on Sophos, such as: MalwareBlocked, StackPivot, ROP, CodeCave, CookieGuard, LockDown.
  • Block Internet Access for Device group

    So I got a group of clients with Sophos Intercept X Advanced with XDR installed. Is there a way to block surfing for those clients via a policy, except for 1-2x Websites? Cause with the "Web Control" -> "Let me specify" -> "Block everything" it doesn…
  • May I ask what happened? Detected on the computer: C2_9a (T1095 mem/meter-e), Disrupt_2a (T1574.002)

  • Sophos DLP not blocking transfer to USB not blocked

    Hi All, Having a real issue around a DLP policy I am trying to create. For context we do quite a bit of business with government organizations (hence I have had to redact some of these screenshots) and as such have a lot of sensitive data on site. My…
  • False positive for javaw.exe

    Hello, I am trying to install an application from OpenSTM32 Community Site | HomePage (install_sw4stm32_win_64bits-v2.9.zip from download area). I have been using this application for years without issues. But the SOPHOS is indicating and blocking javaw…
  • How DLP works?

    Hello! First of all, I'm really sorry for my bad English! I hope that some people can excuse me and try to help me ;) I'm trying to create some DLP rules. My first step was to create content control lists in Global settings > Data Loss Prevention…