A Sophos engineer a few years ago showed us a trick that could have allowed us to run an executable on a remote endpoint by using the SEC messages. I didn't document it at the time as I thought we had other tools to do that and didn't need another one. But now we have an endpoint that lost its trust with the domain, has the local admin account disabled, and is in an unreachable physical location so nobody can login into it remotely or even onsite to re-install Windows.
As Sophos is the only application that is still working on the device... if we can figure out how to use the message router to run a command remotely on the endpoint we'll be able to regain access.
Does anyone know how we could do that?
This thread was automatically locked due to age.