This knowledge base article provides information on why you may want to disable the EDR data feed and how.
The following sections are covered:
The Intercept X with EDR and Intercept X Advanced for Server with EDR license provides an option to search for potential threats on your network via Threat Searches. For further information on this, take a look at Sophos Central: Threat Searches overview.
To obtain the information returned in the search, data is fed from each Windows device on any portable executable (PE) file that has a non-good reputation.
Note: This feed is enabled by Default across the whole estate from the moment the license is applied.
There are several instances where you may want to disable this data feed such as:
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.