• "Looping" through list in Live Query

    Good afternoon! I am working on a query where I would like to essentially perform a "For Each Loop" on the results. I am not sure what the SQL equivalent is. Can someone assist me and/or direct me to the proper syntax? Based on the following query…
  • Searching the contents of a file with Live Query

    Is it possible to search the contents of a file with Live Query? If so, can someone point me to the proper syntax?
  • How do you investigate "Safe Browsing detected browser Google Chrome has been compromised"

    Good day everyone! I am sure we have all seen a few of these pop up in our environments: "Safe Browsing detected browser Google Chrome has been compromised". My question is, what steps do you take to investigate this alert? There is a rather small…
  • hmpalertsvc has an unquoted service path with a space in it.

    I have two questions: How do I quickly add quotes in the registry setting for hmpalertsvc entry to change it from this C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe to this "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"? When will…
  • HP Wolf Security causing issues

    Hi, I'd like to know if anyone else has experienced this yet. I've had 4 customers now with HP machines that have had issues with their PC performing incredibly slowly (basically unusable). The issue seems to be this new HP Wolf Security bloatware that…
  • How to auto deploy Sophos Server protection on AWS instances

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. The instructions in this article describe a way to automatically…
  • Multiple Syncs of - AD Sync Utility

    We would need to set up at least 10 syncs or more per day. Why? We are managing Peripheral Control via Sophos but the users are managed via AD, so we need frequent sync of this group. Any thoughts on how we can manage this?
  • SEP Mac stops Sketch working?

    I just got around this morning to installing Intercept X on one of our web designers' MacBook Pro. Within a few minutes, she reported having issues with Sketch. The SophosCryptoGuardLegacy process would be pegged to 65+% CPU and Sketch would just hang…
  • macOS C2/Generic-A Detections

    Today I have been receiving detections for C2/Generic-A on my Mac clients. The offending process is /usr/libexec/trustd and it is reaching out to IP 104.18.21.226. This IP is owned by Cloudflare and hosts alphassl.com so it seems to make sense that the…
  • Sophos Intercept X and DeepFreeze

    I work at a school where we deployed DeepFreeze to laptops that were given to students for the purpose of online classes. These were also provisioned with Sophos Intercept X to monitor and restrict web access which is really more important to us than…
  • Cannot start HitmanPro.Alert service on Intercept X

    Hello everyone, I have two Windows Servers that report the HitmanPro.Alert service as Stopped. Once I open Windows Services and try to manually start it I get this message: "Windows could not start the HitmanPro.Alert service service on Local…
  • Migration from SEC to Central. Prepare remote update managers error

    Hi everyone, I'm migrating my clients from Sophos Enterprise Console to Sophos Central. I have no problems migrating main office computers, but I have problems with branch offices that have a remote update manager. I'm following this guide which seems pretty…
  • VPN installation on Employee Personal Mobiles

    Hi Community, recently some employees asked for VPN remote access from home to certain applications in our company data center via their personal mobile phones. Is there any solution to check the security of that device (for example: is there any…
  • Unmanaged devices tab

    Hello, I've noticed that a new tab has been added recently for 'Unmanaged devices' in computers and servers, but the page doesn't get anything and loading keeps on with no items were found.
  • Intercept X - Multiple Threat Cases for Singular Detection

    Does anyone else get 10+ threat cases created for a single detection? For example, Sophos picked up some phishing from Outlook and generated 10+ threat cases: I don't think the user would try 10 times to open this email attachment. Anyone have…
  • Intercept X on MacOS Big Sur - possible GUI issue in "system preferences" and "privacy"

    Hey guys, we recently ran into an issue on MacOS Big Sur and within "system preferences" --> "Security & Privacy" --> "Privacy" --> "Files & Folders", possibly related to the presence of Intercept X for MacOS, as we don't see that strange behaviour…
  • Issue : Download of WindowsCloudNextGen failed from server http:∕∕dci.sophosupd.com.

    ALL ENDPOINTS : Download of WindowsCloudNextGen failed from server http:∕∕dci.sophosupd.com. ALL CACHE Servers : Failed to download
  • Endpoint stopped receiving updates after trial expiration

    Hello, we have the license for Intercept X Advanced, which 600+ users are using. A month ago I started the trial for Intercept X Advanced with EDR on the same Central account, and all the machines switched to the trial license. Now that the trial ended…
  • How often do servers/endpoints upload to the data lake?

    There appears to be a delay between when an event happens on a server or endpoint and when I can run a live discover query on that data in the data lake. How long does it take for the Sophos agent to synchronize or upload its data to the data lake?
  • help with live discovery query - Readable free hdd / Partition space

    Hi everybody, I know that Live Discovery is more for threat hunting, but I've seen some really interesting queries out there. One thing I would like to be able to do is get as an output the free disk / partition space for windows machines. I've seen…
  • User Policy - logged on vs Run As user

    Hi, if I have an application control policy to block an application, but then add a policy to allow it for a superuser, can that application then be run while logged in as a normal user, but with the application being launched using Run As to run as the…
  • System requirements for Live Response

    Hi, is there a KB / Documentation entry for the supported OS / system requirements for Live Response? Didn't find anything or is it working on all kind of OS we can install Intercept X? Cheers
  • I can no longer make sense of the many Sophos Endpoint products, can someone explain this to me?

    Hello everyone, I have a question about the Sophos Endpoint products. At our company we use Sophos Central, where under Endpoints there is a distinction between clients and servers. What I don't understand, however, is the following: For the servers…
  • Problems with Wireless Projection

    Hello good morning, I have a problem with my computers when trying to project on a wireless screen, my computers have Sophos Intercept, Sophos mobile used this for the remote erase issue, and they go to the internet through the XG-230. If I connect a…
  • Intercept X on Win Server 16 - Failed to update. How to re-try?

    Got a Medium Alert that one of my servers is out of compliance. Checked the endpoint and it says that Malicious Traffic Detection and Sophos Antivirus failed to install. There doesn't seem to be a way to tell it to try again. I've attached the most recent…