"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article provides an overview of the processes used by the different 'Discover Computers' methods available in the Sophos Enterprise Console.
Applies to the following Sophos product(s) and version(s) Enterprise Console
The following options are available for selection when choosing the 'Discover computers' option within Sophos Enterprise Console:
The following explains the processes used by each of these options.
This option utilizes LDAP to search Active Directory for the computers/containers specified within the wizard. LDAP operations run which search, list and retrieve the domains, containers and computers found. The logged on credentials are used to bind to AD and perform these operations.
Further detailed information
The above is all actioned by the EnterpriseConsole.exe process
Basic information This options utilises LDAP to search Active Directory for computers. LDAP operations run which search and return any computers found. This is done using the machine$ account. Further detailed information The wizard gives the option of supplying credentials or skipping. However, either option will still use the machine$ account to perform the operation.
The above is all actioned by the MgntSvc.exe process
For further information on discovering computers by IP range see article 16436
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.