We are in the process of testing out the SSL/TLS Decryption in our Endpoint policies. I have recently come across an issue with a site our users access that requires a certificate to authenticate properly. I have exempted this site's URL in the global…

hello, we have a serious problem, all the computers that were managed with the sophos central were deleted, so they didn't update and I have 100 computers that are without management. the problem is that I am missing the tamper password of those computers…

Hello all, I want to ask if anyone has a solution or work around. I have talked to Sophos support and their answer is "not capable" and "cannot cover all the leaks currently". Currently, DLP condition for destination is not really destination. It…

Hello, we would like to have a query to search specific events on Windows from EventID variable. Thanks in advance

We are using Intercept X on all of our workstations and I would like to setup a policy where users cannot upload files to any sites. (webmail, online storage, etc.) But I want them to be able to still download from those same sources. Is this possible…

Please see a comment we got from sophos support: Since our latest update to Sophos Central (2.20.13 - April Release onwards), Sophos Web Control and Web Filtering has received a large overhaul. This is not something we can revert however we've found some…

Hi, I was testing a website exclusion in Intercept-X and had a hard time to finnaly get it working. So I wanted to browse to the Sophos Testsite. As expected this was blocked. regardless of http or https used. So I went to Central Global settings…

Will i still be able to log into the admin console after my licence expires? I just want to make sure i will be able to remove tamper protection from any laptop we havent been able to move over to the new solution before the expire date

Hello, i need to know all website that user access from their devices, can XDR do this? If XDR can do it, please guide me to query. thanks

good morning I wanted to know if in the DLP it is possible to add a rule to block folders on a network share? Danilo

support.sophos.com/.../KB-000043946

Hello, I want to have a query to check for possible PII. There is the query to check for metadata such a password.docx or password.txt. Below is what I have so far and this works as long as you have the exact file path and pattern you are looking…

Hi, Is there any query that find if the files on the device based on hash that we define? Thank you and kind regards.

Dear all, We have following issues with a couple of users - They not able to open a link in Outlook, it doesnt matter if its link to a local or a network file.Most after hours the link opens, somtimes they not able to upload files in the webbrowser…

Ok, so I have some devices on my organization that don't show up in Sophos Central. I've already made some research on how to fix this issue, but there are some concerns: 1 - they've been deleted for more than 90 days, so I cannot recover their passwords…

Trying to create a Live Query to assess the state of the Windows Firewall via the registry. I started with the "View registry Section" query and modified it to the following. The initial case statement ALWAYS produces the results "Error", even though…

Hey All, I was wondering has anyone has any issues with having this installed on Windows 11 ? I installed it and the Encryption policy never seems to ask for a password, I can see there is a TPM but doesnt ask for a password to be set for bootup.

Hello, I am trying to sign-in to endpoint agent as an adminstrator, first i did past the TP which i got from Sophos Central: Summery==> Tamper Protection But in endpoint says: Sign-in failed. Please check and try again. I did Generate new password (new…

What is that? Have HTTPS decryption enabled on EP. This is some kind of new because that site worked about 2 weeks ago. The Website CA is issued by Go Daddy Secure Certificate Authority - G2 Valid from January 14, 2022 to February 15, 2023…

Hello, Do we have a live discover query that will search for a SHA256 on all computers and give the results ?

just want to allow a website for a cl i ent thru the admin portal. terrible lay out. why do i have to navigate to like 15 different windows and multiple admin pages. figure it out

Hello All. So more and more cyber insurance questionnaires are asking for SIEM SOC and 24x7 monitoring. We have been using Sophos Advanced Intercept-X for years and have been relatively happy with it. We considered the XDR option but that means we need…

I have a PC missing from the Sophos control panel - yet the PC has Sophos installed and working. it's getting updates but has not have a profile pushed to it for quite some time. it's Tamper protected so is there a way to add the device manually…