  • High CPU Usage - SEDService.exe offline

    Hi, I have an annoying problem with the Sophos Endpoint Agent. When I am connected to the internet everything is fine. However, when I unplug the cable and am offline, the load on SEDService.exe goes way up. I have now noticed that under C:\ProgramData…
  • Network threat Protection - Blocking PowerShell Login to MS Compliance search via the Localhost browser address

    Open Powershell 7 Connect-IPPSSession -UserPrincipalName User@domain.com MS login processes starts by trying to open a browser window with a local host address and a random port. The connection is refused and the login process to MS stops localhost…
  • Sophos Endpoint Protection - Application Control

    Hello everyone, I miss the functionality of the application control in the endpoint protection that is available with SFOS. Although there is an application control, it can “only” control which applications on the system are allowed or denied for running…
  • Tamper Protection Removal Tool

    Hello, We had a previous IT company that we have dropped and they supposedly removed Sophos Endpoint Protection on 200+ devices but we found it on 145 ish devices. They won't give us access to the portal and they are stating there is nothing they…
  • Manual malware cleanup required: 'Unknown Threat' at 'null'

    Hello. On some Sophos endpoints the following error appears: "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
  • Outbreak Mal/HTMLGEN-A

    We have several clients accessing this website. The message in Sophos: The root cause tried to access a URL known to be associated with malware. URL: rinozuid.anewspring.nl/jsonrpc Is this website actually a risk or is this a false…
  • Sophos machine learning doesn't work?

    I'm doing a POC with Crowdstrike and on the test computer we received a file that was detected as ( RegistryPersistEdit ) by Crowdstrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
  • Failed to install component NTP64: 8000ffff

    Sophos NTP64 installation fails on Server 2019 Standard, see error log below: 2023-10-16T12:13:04.0582833Z INFO : Running C:\\Users\\FBS_AD~1\\AppData\\Local\\Temp\\SophosSetup-1000217844\\Setup.exe 2023-10-16T12:13:04.0582833Z INFO : Stage 1 command…
  • Endpoint webcontrol category lookup

    Hello there, Is there any tool to look up URLs and find their classified categories for use with Central Endpoint WebControl? The categories don't match up with SFOS categories and the explanation of the categories, while verbose, doesn't provide…
  • Device Isolation

    Earlier today we tested out device Admin Isolation since we have never used it. Isolated just fine, but now cannot remove as the Isolation "status" has shown "Isolating..." for the last 5 hours. Health is Green and does not and never did show up in Admin…
  • How long does Sophos Central try to isolate offline computers?

    Hi, using Intercept Advanced X, from time to time we want to isolate computers which aren't online at the moment. How long does Sophos Central wait for the computer to be online again? At some point, it just gives up; I want to know when I have to recheck…
  • [DE,EN] Exclude drive redirected via RDP, RDP redirected drive exclude

    [DE] Hello everyone, Today a customer described to me the problem that when trying to burn a CD in his Remote Desktop session using Windows (drag and drop), the process aborts and thereby makes the CD unusable until it is reformatted…
  • Sharing violations on SMB share, Office, tmp files when saving (file in use by someone else)

    Users are working with Microsoft office files on SMB shares on windows servers. When working inhouse all is fine. When they work remotely via Sophos SSL VPN Client, some users cannot save documents or excel sheets on the network shares because office…
  • Sophos endpoint using high CPU when updating Windows

    Hi Sophos team. I have an issue with Sophos endpoint. The computer is so laggy when updating Windows. Sophos endpoint defense software and Sophos file scanner took over 50% CPU. Do we have settings to bypass scanning updates from Windows? The endpoint…
  • no heartbeat from 10.5.0 Mac Endpoint on macOS Sonoma 14.0

    We have one device that is using this software combination and the device is not sending heartbeat to the firewall, nor does it show correct information in Sophos Central. No HP packets arrive from the device for IP 52.5.76.173 as can be seen with tcpdump…
  • AMSI/Reflect-KA Detection

    Hello everyone, We get the following alert What happened: We could not clean up a threat. Where it happened: computer name Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe What was detected: AMSI/Reflect-KA How severe it…
  • Display Installed Programs on Computers

    Hello, I want to display installed programs on my users' computers. I wonder if I can do that with Sophos. Thanks,
  • constant pop-up windows asking for full disk access

    Hi all, Sophos anti-virus on my MacBook is constantly making pop-up windows asking for full disk access, even though I have already granted full access. The pop-ups are distracting me a lot and I hope someone can help me out of here. Thanks!
  • MTR Update failure v2.4.0.59

    happens today: C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log 2023-09-27T07:14:15.702Z [ 9848:13456] I Installing component MTR64 (MTR64) 2.4.0.59 2023-09-27T07:14:15.889Z [ 9848:13456] I setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded…
  • Blocked mtp/ptp device printer while installing

    Hi there, I do have a policy Block-USB devices with many exceptions. Suddenly I got the message the device is blocked when installing a printer even when the printer ( MTP/PTP ) is on the exception list by model-id. Model-ID: UMB\VEN_03F0&DEV_HP_PageWide_MFP_P57750&SUBSYS_J9V82B…
  • Web control lists specific endpoint as top malware downloader but no events can be found on the endpoint itself

    Hi, we can see an endpoint and user as "huge" malware downloader in "Top Malware Downloaders" report: https://central.sophos.com/manage/endpoint/reports/web-control/malware/create But I can't find a single event or alert or anything linked to specific…
  • How much a DLP will support on Central Intercept X Advanced

    We had a CIXA Demo session with a customer, They have raised the below queries, 1. All public email services (Yahoo, Gmail etc) have to block login-in and allow only the business email/Outlook. Instead of blocking individual, they need a category…
  • Update Server Clients proxy address

    We are currently installing our server clients to go out a proxy address by command line. We are upgrading our proxies and that means a new name. Is it possible to update the pointer for "--proxyaddress" to point to the new proxies without uninstalling and…
  • Sophos clean stopped

    We have this problem. We already reinstalled the agent and rebooted; there is no other security solution.
  • Crypto Guard detected Ransomware

    Hi, We have this alert generated again when a user tries to run an automated test for Google Chrome. I have the below details. Can you please look into it and let me know.