Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

Exploit Prevention Events and General Sophos Clean Questions

Hi All,

I was looking for some answer in regards to Exploit Events, Sophos Clean on Enterprise and Sophos Clean Licencing

 

Firstly, I've rolled out Exploit to some test machines, one of the machines is shown to have some exploits in the event area on the Enterprise console. There is nothing to be cleaned within the resolve alerts and errors section of this machine. Does this mean that Exploit count in the Events page are false positives? Ive copied a screen shot, however its not the clearest to see

 

Secondly, is Sophos Clean an Automated or a manual process when using from the enterprise console? Ive seen on Sophos Central that Sophos Clean is Automated when a Exploit happens?

 

Lastly, i'll be running Sophos clean from shared location. Im assuming at each time ran, I'll have to enter the activation key? Or do you recommend rolling Sophos Clean out to all endpoints and having this as managed application

 

 

 

Regards Alan

  • Hello Alan,

    Exploit Prevention monitors running processes, in other words it detects a crime in progress and acts immediately. Thus there is nothing to clean or resolve afterwards. The count represents actual interventions.

    Sophos Clean can (not?) yet be managed from the Console. While it is installed together with EXP and CryptoGuard it has to be activated and configured individually on the endpoints. If you run it from the shared location you have the option to also install it on the endpoint. Note that you can activate (i.e. enter the license key) using the command line.

    Christian