Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Sophos Central - False positive - Connectwise Screenconnect - a Thoma Bravo Company - Same as Sophos

Good morning (NZ Time)
We are an IT support business
We use connectwis's screenconnect product to remotely support all of our clients, and have done for 6 years.

From Yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below.

Sophos Central Event Details for <customer name>
What happened: We attempted to restore a cleaned up application but failed.
Where it happened: <machine name>
Path: C:\Windows\Temp\ScreenConnect\22.9.10589.8370\ScreenConnect.ClientSetup.exe
What was detected: Generic ML PUA
User associated with device: <machine name>\<username>
How severe it is: Medium

Can you "globally" stop this nonsense please - or work with connectwise - Its part of the Thoma Bravo group - so also are Sophos.

You dont need to troubleshoot MY control panel (as your support agents are often wanting to do) - This is a GLOBAL SOPHOS issue and Thoma Bravo

I'm posting this in the forum as well as in a support ticket as I find support tickets are slow due to timezones and the "follow the sun" system not really working.



Edited TAGs
[edited by: Gladys at 9:30 AM (GMT -8) on 1 Mar 2023]
Parents Reply Children
No Data