• ScanD not running MacOS

    So I'm having the same problem as a bunch of other people with ScanD not starting on later versions of MacOS. I have a site with mostly Ventura but a few older ones and now a Sonoma system. I got the Network scanning working by doing the "move the extension…
  • Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

    Hello Everyone, I have tryied to search about this in the forum but couldn't find anything. My scenario is : XGS2100 Xstream protection + Endpoints with advanced Threat protection. I keep receiving this two alerts but I have tried to see what to do…
  • Microsoft office applications started being blocked on macOS machines

    From today macOS users started claiming microsoft office applications were blocked by Sophos EP. As fas as I know, according to this notice (+) Notification of Application Control application updates Planned for the 28th November 2023 - Application…
  • MacOS Sonoma 14.0 slowness, CPU loading and battery depletion

    We've started to use Sophos Intercept X on Macbooks. Since Sophos has been running on our Macbooks, I've noticed that the computer regularly becomes sluggish and sometimes unresponsive. What's more, in mobile mode, the battery only lasts for an hour…
  • Sophos Endpoint-peripheral

    Hello, is it possible to set time to blocking USB port? As in block or leave it open for just a certain time period.
  • Disable Tamper Protection - Device Removed from Portal

    I have a device that at some point was deleted from the Sophos portal. I've tried reinstalling Sophos but am getting a message stating that tamper protection needs to be disabled. What steps can I take to get the device back on the portal? Thank you…
  • About Threat Graphs

    Hi there, What does what is found on the Threat Graphs mean? what should I do as a solution?
  • Deleting Sophos folder from applications on macOS

    We can move Sophos folders which is in applications folder in macOS even we enable tamper protection, is there anyway to protect Sophos folder in application to prevent from deleting
  • How to change Sophos Endpoint Agent language by command lin

    I have installed Sophos Sophos Endpoint Agent on Windows 10, how to change language from Japanese to English by command line instead of via GUI?
  • Cryptoguard detect ransomware in $programfiles\Sophos\Endpoint Defense\SEDService.exe

    Hi to all, I'm confused about a cryptoguard detection, it seems they found ransomware on a component of sophos itself. id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="} family_id: a1e45bc2-168e-553c-f81a-5e712666d413 process_alias_path…
  • 2023.1.3.5 BETA

    When installing core agent 2023.1.3.5, some devices show 2023.1.3.5 BETA and some show 2023.1.3.5 versions. Why is there two versions? When did the version change? Updating does not change it to 2023.1.3.5 BETA version to 2023.1.3.5.
  • Unable to Start Scan - Intercept X with EDR & XDR

    Hello, I am unable to manually start a scan on the endpoint. Windows 11 I click scan nothing happens. Any advice? Thank you, Joseph
  • Failed to install component(s): hmpa64

    ####Sophos HitmanPro Alert Initial install log 20231115T013935 2023-11-15T01:39:40.6403111Z ERROR : SetupPluginCommand::onRun() failed with ComponentInstaller::InstallError: Failed to install component(s): hmpa64 2023-11-15T01:39:40.6403111Z INFO :…
  • Keine Sophos Sicherheitsprodukte installiert

    Auf dem Windows Server 2012R2 Standard habe ich " Intercept X Advanced for Server with XDR" installiert. Problem: Obwohl alles nach der Installation gut aussieht, werden die Server nicht aktualisiert und kommunizieren auch nicht mit Central. …
  • Apple Mac Client. No Heartbeat. mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com - Server did not respond to client hello - 503 service unavailable

    Hi. Our Mac Clients with Intercept-X today getting no Heartbeat. Again. Very frustrating. Need to adjust Firwewall rules that rely on heartbeat every week - weaken them to allow traffic without heartbeat... The machines display MCS errors. "invalid…
  • firefox error accessing the web with ssl inspection enable

    Hi I have ssl inspection in intercept x advanced with xdr/ I have a problem surfing with firefox. the message is: Software is Preventing Firefox From Safely Connecting to This Site mxtoolbox.com is most likely a safe site, but a secure connection…
  • Heartbeat 1.15.1122.0 Error: Standard exception: use_private_key: unsupported - no Heartbeat

    Heartbeat is becoming my best friend. Yesterday I identified a Windows Server that had no heartbeat due to expired certificates. I reinstalled the agent and all was fine. Later the endpoint updated the heartbeat component from 1.15.835.0 to 1.15.1122…
  • Is it possible to exclude a process from data lake detections?

    Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
  • data exfiltration from server

    hi, i have installed CIXA for server on few servers. on 3rd of AUG 23 few of my server in LAN upon which cixa for servers were not installed, got hit by ransomware , file extension becom gasprom, i also have XG 310 at gateway level and turned on ATP…
  • Since the 28th of october I've been getting a message stating a scan will start. I perform a scan and nothing is found but everyday i get this message.

    Sophos home, Since the 28th of october I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but everyday i get this message. The file mentioned in the history is, C…
  • Sophos setup error to install on server 2019

    Hello, Server protection is unable to install on the server 2019 "Failed to download the installer" server Log: 2021-10-10T16:10:32.6661271Z INFO : Running C:\\Users\\ZELALE~1\\AppData\\Local\\Temp\\SophosSetup-395623309\\Setup.exe 2021-10-10T16…
  • Sophos update failing

    Hi Team, The Sophos update failing on one of our MacBooks. I checked logs in Sophos Central and found that there is no permission in the below location: /Library/Caches/com.sophos.sau/CID/Sophos Installer.bundle I just added 777 to "/Library…
  • server protection

    Hi, we are using Sophos End point for laptop and desktop now we need server protection same endpoint we have to use for server protection or any other application for server.
  • MacOS Scripted Deployment - Security Permissions

    Hi Sophos Community, I'm looking for some guidance. We have a requirement to deploy Sophos Endpoint to a number of MacOS devices. This guide has proved useful https://support.sophos.com/support/s/article/KB-000035045?language=en_US However we find…
  • Manual PUA cleanup required: 'PsExec'

    Hey Everyone, Scratching my head over how to deal with this PAU as I can't find much information on it on the old Google box. The identified PAU is PsExec located within the ZIP WPJCleanUp, PsExec as well as WPJCleanUp are legitimate Windows resources…