  • help with live discovery query - Readable free hdd / Partition space

    Hi everybody, I know that Live Discovery is more for threat hunting, but I've seen some really interesting queries out there. One thing I would like to be able to do is get as an output the free disk / partition space for windows machines. I've seen…
  • User Policy - logged on vs Run As user

    Hi, if I have an application control policy to block an application, but then add a policy to allow it for a superuser can that application then be run while logged in as a normal user, but with the application being launched using Run As to run as the…
  • System requirements for Live Response

    Hi, is there a KB / Documentation entry for the supported OS / system requirements for Live Response? Didn't find anything or is it working on all kinds of OS we can install Intercept X? Cheers
  • I can't make sense of the many Sophos Endpoint products anymore, can someone explain them to me?

    Hi everyone, I have a question about the Sophos Endpoint products. At our company we use Sophos Central, where under Endpoints there is a distinction between clients and servers. What I don't understand, however, is the following: For the servers…
  • Problems with Wireless Projection

    Hello good morning, I have a problem with my computers when trying to project on a wireless screen, my computers have Sophos Intercept, Sophos mobile used this for the remote erase issue, and they go to the internet through the XG-230. If I connect a…
  • Intercept X on Win Server 16 - Failed to update. How to re-try?

    Got a Medium Alert that one of my servers is out of compliance. Checked the endpoint and it says that Malicious Traffic Detection and Sophos Antivirus failed to install. There doesn't seem to be a way to tell it to try again. I've attached the most recent…
  • brew upgrade failed on macOS BigSur Error: Interrupted system call

    We have more and more laptops having 'Error: Interrupted system call' while running brew upgrade on macOS BigSur. I switched off Real Time Scanning > File on Sophos endpoint, then the end user could do brew upgrade successfully. Since Real Time Scanning…
  • Policies Update Management

    Good morning, In the "EndPoint Update Management" protection section, what do you mean, scheduled EndPoint updates or Scheduled updates of the system on which Sophos intercept X is running the EndPoint. Thanks
  • Server Offline in Live Discover

    Just starting with InterceptX for Server. Installation is complete, my Servers are communicating with the cloud. When I go to Live Discover I notice that some Servers are Offline, but in my Server overview I can see activity a few minutes ago. How can…
  • How to install Intercept X Advanced ? ( Not EDR )

    Hello Community! I created Sophos Central Trial for my customer POC and downloaded Intercept X Advanced with EDR without device encryption. I used the command line '--products=antivirus,intercept'. However, contrary to my expectation that 'Intercept X…
  • Is there a centralized place to manage all my Sophos Central Policies (Endpoints/Users/Servers)?

    All of our users (AD) can work with any endpoint server or computer, through remote desktop or Citrix, all of them are protected through Sophos Intercept X. But I don't know if there is a centralized place to manage all my Sophos Central policies without…
  • detect Silver Sparrow Malware on MACs

    How can we scan our MACs manually for this recently discovered malware with Sophos Central without logging in on the machines? Intercept-X is installed. Is this already detected automatically?
  • Surface Pro 7

    Hey Will Sophos Endpoint Advanced/Intercept X work well on a Surface Pro 7 Intel i5 8gb Ram? If not I might go with Sophos Home & Central Encryption... Cheers
  • Questions about Intrusion Prevention on Intercept X for servers

    Hello everyone, According to this article regarding Microsoft CVE-2020-1472 vulnerability, it says that for Endpoint and Server IPS: "These products are currently in Early Access. IPS signatures were published on September 17, 2020 SIDs…
  • Intercept-x blocking Malware site in http but not https, XG firewall does.

    Hi, on our XG I found this logs frequently ;Time;Log subtype;Username;Src IP;Dst IP;Category;URL;Bytes sent;Referrer;Message ID;Policy ID;; Web filter;27.01.2021 12:28;Denied;xxx;xxx;35.201.108.94;Spyware & Malware;https://logs.spilgames.com/lg/pb…
  • Importing and Exporting File Exclusions in Central

    Hello, I'm missing the possibility to import and export definitions in Central. Is this just hidden to me or does this feature still not exist? There is a FR from 2017 on this. https://ideas.sophos.com/forums/428821-sophos-central/suggestions…
  • What is the maximum number of exclusions (files, folders, processes...) in Intercept-X?

    Hi, is there a limitation of exclusions in Sophos central for Servers or Clients? I need to add a huge list for multiple Backup Programs (far more than 100).
  • AV scan using API

    Hi, We already use Sophos Intercept X Advanced for Server with EDR for AV scan. I am looking for API option to scan files uploaded from web applications. I found this community post https://community.sophos.com/community-chat/f/discussions/74444/sophos…
  • Questions regarding Sophos Central computer groups

    Hello everyone, I have some questions regarding Sophos Central Computer groups: - Is it possible for a computer or server be part on 2 or more groups at the same time? - Is it possible to create some kind of automatic group assignation rule…
  • Intercept X Endpoint consultation

    Hi, does the Intercept X Endpoint package include any type of consultation to get things started? I'm not exactly an expert so I might need a helping hand. Thanks in advance. Regards, Jussi, Rahoituspiste
  • Enabling Intercept X

    We are predominantly a Windows environment, around 120 servers. I have enabled this on a few servers so far including our main file server. No issues have appeared so far. I have everything enabled apart from CPU Branch tracing and Deep Learning.…
  • System.IO.IOException: Pipe is broken

    Starting Dec 21st we started seeing a tremendous amount of errors on both our Server Infrastructure and Endpoint devices. This created issues with certain .NET related applications on end users workstations that required restarting various applications…
  • Intercept X Endpoint Users in User Portal

    Hello! We're installing Intercept X Endpoint on machines that are not part of a domain. Unfortunately, this means users are appearing in Sophos Central as [Machine Name]\[User], for example MACHINE001\Employee1 MACHINE002\Employee1 While it's the…
  • Central Server Intercept X Advanced - Prep guide for golden image for VDI

    Hello, I understand Server Protection for Virtualization, Windows and Linux and the VDI products have entered the EOS/EOL cycle. It is suggested that we use Central Server Intercept X Advanced instead. I'm looking for an equivalent article to this…
  • infected shadow copy on domain controller

    I have sophos endpoint protection with intercept X and I got an email that I got an infected pagefile.sys in volume shadow copy 4 and 5 (might be another one I forgot) Path: \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\pagefile.sys What was detected…