I am finding that when "Prevent APC violation" under "Active Adversary Mitigations" is enabled, the wireless network card becomes disabled upon reboot. Because the network card is disabled, this leads to long boot-up times. Also, a lot of functions of the desktop fail to work as well, such as being able to click on the start menu and the search button, neither of which do anything. Also interesting to note is that "Sophos System Protection Service" also fails to start.
In order to get everything working again, I click "Override ..." in the Sophos GUI, and turn off everything. I then go into Sophos Central and turn off "Prevent APC violation." I then reboot the client. Once it boots up, I open the Sophos GUI and make sure that its policies are updated, then turn off the Override and reboot.
When I leave "Prevent APC violation" turned off, then everything works just fine.
This is a Windows 10 (1709) Surface Pro 4.
I am using Sophos Central with Intercept X.
Core Agent: 2.2.2
Endpoint Advanced: 10.8.3
Sophos Intercept X 2.0.14
Anyone else experiencing a similar issue and know what process/file to exclude to prevent this from happening?
The below should be able to help.
A recent push has enabled features that have been in the Threat Protection Policy for some time.
It might require some tweaking but disabling these options will get you working again.