Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
This article provides information on why you may want to disable the EDR data feed and how.
The following sections are covered:
The Intercept X with EDR license provides an option to perform Threat Searches which can be used to search for potential threats on your network. For further information on Threat Searches see Sophos Central: Threat Searches overview.
To obtain the information returned in the search, data is fed from each Windows computer on any portable executable (PE) file that has a non-good reputation.
Note: This feed is enabled by Default across the whole estate from the moment the license is applied.
There are a number of instances where you may want to disable this data feed such as:
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.