Intercept X EAP installed but Exploits succeeding in Sophos Tester!!

I've got Intercept X EAP installed and just installed the new Sophos Tester to test my install, but lots of tests are succeeding to exploit my PC??

That's Ransomware EFS, but lots of other tests are succeeding to exploit my PC. Have I got something wrong somewhere? All my settings are enabled policy-wise and I only exclude a couple of folders for games and that's all, so the test shouldn't be able to exploit my machine, I thought?

Also, that test was with the Dummy Signed. If I run the same test with Dummy Unsigned, Sophos blocks it properly, so what would cause the signed Dummy to succeed?

Same with Dummy Signed for tests like Credential theft - Open Sam Registry, but Dummy Unsigned same test is blocked by Sophos Central??

Are other people's EAP who run the Sophos Tester getting similar outcomes?

Ta

  • Hi John,

    Thanks for reporting this. I'm looking into it. My guess is that it has to do with settings not updating.

    I will keep you updated.

    Vince

  • Hi John,

    Sorry for the delay in answering, I wanted to double-check some things.

    The behaviour you have noticed is correct: we only block EFS encryption attempts from non-signed applications. For testing this should be sufficient, as it shows that EFS Guard indeed stops the attack.

    Best regards,

    Vince