Hello,
We have just about finished our roll-out of the latest endpoint protection rolled into the Sophos Central offering with Enterprise X. I am doing some sanity testing with Metasploit Pro to make sure the Sophos Endpoint does what we were told. I generated a Reverse_tcp Windows Meterpreter payload (with AV evasion enabled) and it loaded on the machine and executed, giving me a remote shell, and Sophos AV didn't squawk one bit. I have all protection settings enabled. What's the deal??
See from the screenshot, my payload is still running. The only time AV kicks in is if I try to get admin from the console.
Meterpreter Shell not stopped from executing