• Device Isolation

    Earlier today we tested out device Admin Isolation since we have never used it. Isolated just fine, but now cannot remove as the Isolation "status" has shown "Isolating..." for the last 5 hours. Health is Green and does not and never did show up in Admin…
  • How long does Sophos Central try to isolate offline computers?

    Hi, using Intercept Advanced X, from time to time we want to isolate computers which aren't online at the moment. How long does Sophos Central wait for the computer to be online again? At some point, it just gives up, want to know when I have to recheck…
  • [DE,EN] Exclude drive redirected via RDP, RDP redirected drive exclude

    [DE] Hello everyone, today a customer described to me the problem that when trying to burn a CD in his Remote Desktop session using Windows (drag and drop), the process aborts and thus renders the CD unusable until it is reformatted…
  • AMSI/Reflect-KA Detection

    Hello everyone, We get the following alert What happened: We could not clean up a threat. Where it happened: computer name Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe What was detected: AMSI/Reflect-KA How severe it…
  • Display Installed Programs on Computers

    Hello, I want to display installed programs on my users' computers. I wonder if I can do that with Sophos. Thanks,
  • MTR Update failure v2.4.0.59

    happens today: C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log 2023-09-27T07:14:15.702Z [ 9848:13456] I Installing component MTR64 (MTR64) 2.4.0.59 2023-09-27T07:14:15.889Z [ 9848:13456] I setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded…
  • Blocked mtp/ptp device printer while installing

    Hi there, I do have a policy Block-USB devices with many exceptions. Suddenly I got the message the device is blocked when installing a printer even when the printer ( MTP/PTP ) is on the exception list by model-id. Model-ID: UMB\VEN_03F0&DEV_HP_PageWide_MFP_P57750&SUBSYS_J9V82B…
  • Web control lists specific endpoint as top malware downloader but no events can be found on the endpoint itself

    Hi, we can see an endpoint and user as "huge" malware downloader in "Top Malware Downloaders" report: https://central.sophos.com/manage/endpoint/reports/web-control/malware/create But I can't find a single event or alert or anything linked to specific…
  • How much a DLP will support on Central Intercept X Advanced

    We had a CIXA Demo session with a customer, They have raised the below queries, 1. All public email services (Yahoo, Gmail etc) have to block login-in and allow only the business email/Outlook. Instead of blocking individual, they need a category…
  • Sophos clean stopped

    We have this problem; we already reinstalled the agent and rebooted, and there is no other security solution.
  • Sophos Firewall reported computer not sending heartbeat signals

    Hello everyone, a few weeks ago, we finally activated heartbeat-restrictions on our XG 230 ( SFOS 19.5.1 MR-1-Build278) . After that, we got a lot of "missing heartbeat" alerts, which I could reduce by changing the report delay of the firewall to central…
  • Update Cache / Relay Server

    I have a few servers in the Azure cloud. I installed update cache and message relay on one server that is always connected to the internet, but I wanted to assign the other 30 servers to that server. I tried to assign manually point that servers where update cache and…
  • Controlled/blocked applications are showing up in the list of Allowed Applications - Sophos Central.

    I am testing the Sophos endpoint protection EAP, and have synchronized application control enabled. I am having an issue where all the controlled applications that are set to blocked are showing up as allowed, even applications I do not use, such as remote…
  • Digital Certificate on Browser

    Hi everyone, I'm having trouble using the certificates we have installed in browsers to authenticate to some web services. The endpoint is blocking usage, making usage impossible. Has anyone gone through something similar?
  • Can endpoint defense now intercept DSyscall process injection?

    I found that HPMA can already intercept, but Sophos doesn't seem to have fusion rules yet
  • The Chinese characters in the notification on the Windows 10 Chinese system are garbled

    This error occurs in all notifications, not in specific cases
  • Trigger a Message using Sophos Endpoint

    Due to a requirement of devices not on Asset inventory need to broadcast a message to ENDPOINT users who are using the systems. Is there a way to trigger such a custom message?
  • DBJammer Ransomware on SQL Servers - EDR Queries if any?

    06961063 / Detection for dbjammer Ransomware / ref:_00D301GN6a._5003Z1bh7RS:ref https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/ Securonix…
  • Allow files downloaded from specific website or product name from such executable

    Hello, A client of ours has to download updates from their ERP software regularly and recently Sophos Endpoint has begun flagging it as a PUA, we allowed the hash on the global exclusions, but as we know, each update would have a different hash. Is…
  • SSL/TLS inspection in Endpoint--Threat Detection settings vs. deployment of the CA manually into the certificate store?

    I am testing the Sophos Intercept X Endpoint Beta and noticed the settings In Threat Protection for SSL/TLS inspection. If I already have HTTPS scanning enabled in the firewall rule and the CA is deployed on the endpoint into the trusted certificate…
  • pt testing and no notification

    Hi, one of our customers did a pen test. They ran Nesson, port scan and all kinds of queries, in the Sophos portal nothing in the logs or in the detection. Man in the middle, nothing from the Sophos and nothing in the logs. Maybe there is a problem…
  • Endpoint client installation refusal on windows 7

    I have Windows seven machines that are refusing the endpoint client installation. The error message is license is invalid. Is there any way we can install the client without changing the operating system to Windows ten?
  • Installation issue

    2023-08-26T12:10:58.7029144Z INFO : Set security protocol: 00000800 2023-08-26T12:10:58.7029144Z INFO : Opening connection to mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com 2023-08-26T12:10:58.7029144Z INFO : Sending request for connection confirmation…
  • Core Agent report Sophos Central

    Hi, How to generate a report of Core Agent version of all devices? Excel or CSV, do not mind
  • No access to URL once unlocked

    Hello I will have been looking at the Sophos Endpoint panel for around 3-4 hours for a web page that I have included in the website management list, to say that I have tried others and it does enable them, but in the case of the one indicated there…