[Rant]
Sophos has been pushing its exploit prevention feature heavily on both cloud (Intercept X) and on-premises (Exploit Prevention) products recently, but it seems to me that Sophos would rather pour resources into marketing instead of having its KB team document and explain the actual functionality in their products. Let me elaborate.
Here's an example:
The above screenshot was taken by one of my customers from his Sophos Enterprise Console, within computer details under the Exploit Prevention Events section.
From an anti-virus admin's perspective this information is utterly useless. Why? Because a simple Google search with the keywords sophos, internet explorer, rop, and exploit prevention returns nothing.
In fact, this is the top result: https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/96410/rop-exploit-prevented-in-internet-explorer---but-only-when-when-outlook-is-running#pi2151filter=all&pi2151scroll=false
Suggested Answer: Open a support ticket.
As a partner I find this extremely infuriating, considering that we are always bombarded with questions from our customers looking for an explanation of exploit prevention events they have found within their environments, and yet we are not well equipped with the relevant knowledge.
We understand that the root cause of events from exploit prevention can be overwhelmingly difficult to determine and identify. But a general direction or a simple definition would always suffice to answer our customers' questions effectively and efficiently.
Every time I open a ticket to ask for a definition, I don't feel like I am working in the information industry; instead I feel like a courier delivering messages between Sophos and the customers. And that kills the enthusiasm of many.