Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
I want to exclude particular "Remote management tool" for one particular machine, is it possible to achieve the same? I mean not sure whether we can do this for single machine and allow on rest.
To create an application exclusion for one machine, you would need to create a new Application Control policy to allow this application. In Sophos Enterprise Console you can right click the existing Application Control policy, duplicate it and make the required change for the machine. Once we have this policy we must create a new group to nest this one machine and we can apply this policy to that group. You can right click a group and select Create Group to create this. To move the computer to this group, simply drag and drop it into the group. To apply the new Application Control policy to this group you can drag and drop the policy to the group as well.
In reply to SJaramillo:
Thanks for the reply.
I tried but unable to move client to new group, it says "computer is a part of synchronized group and cannot be moved".
I believe new OU in AD needs to be created with the same sophos group name, and then its possible? or can we do that in console directly?
In reply to Abhijeet Nawale:
if the endpoint is indeed in a synchronized group you'd have to create an appropriate OU in AD. AD Sync mirrors the container (OU) structure as group tree and moves the computers to the relevant groups.
In reply to QC:
That's what I thought too, cool.