As a Sophos central customer is it possible to block Log4j as an blocked application using an application policy.
I have clients with a firewall policy to block all incoming connections and don't have XDR subscription and cant run scripts to detect Log4j remotely.
Just wondering if Sophos application filter can be used to block it. Thanks
Thank you for reaching out to the Sophos Community Forum.
Checking the current list present, I do not see "Apache" or "Log4j" listed in the controlled applications list. If you would like to see Apache detected, I recommend sending in an Application Control Request using the following link. - Application Control Request
The file you’ll need to submit is the "httpd.exe" file. Matching is done primarily based on the executable name as well as file hash. If you wish for all previous versions of httpd.exe to be detected, I'd recommend sending in the corresponding exe versions for analysis.