  • X-Ops seems not to be working on V21 GA?

    Hi, I moved to Version 21.0 GA (Home Edition) recently. I noticed that in control panel, no events in the log or counters are logged that X-Ops is doing anything: A configured third party threat list (abuseipdb.com) is working properly and blocks…
  • botnet prevention

    Hi, can we enable botnet prevention on the SFOS firewall? Please provide any kind of info related to this.
  • Problems with Veeam B+R 12.1 and SFOS 20.0.2 MR-2-Build378 - failed to create NFC download stream

    Hey Folks, we rolled out an XGS126 in our Branch yesterday (before SG125) and we cannot get Veeam to work backing up our Branch VMs. The Branch is connected via IPSEC VPN Tunnel to our Datacenter (Sophos SG310). I already found the older thread Veeam…
  • Is there a way we can see the detailed reports for alerts in Advance Threat? Such as IP and etc? We only see the device number

    Currently we are using Sophos XGS 4500 and we are receiving alerts in Advance Threat, however it only shows the device (see image below). Is there a way where we can see detailed reports such as IP and etc? Also, what is the "X45007...." device indicated…
  • advanced protections

    How to configure Advanced Protection on Sophos Firewall? Suggest me why we use this option.
  • What is the benefit of IPS, Zero-Day Protection, ATP and web filtering without deep packet inspection on TLS sessions

    stupid question, I know, but honestly: what is the benefit of the Xstream protection when you decide not to break TLS sessions at all (besides mail filtering)? Will someone earn any higher protection level with all these features activated without breaking…
  • XGS ATP Alert (No Host Name or Threat)

    Today our XGS started reporting ATP sources blocked without a Host Name, IP, or Threat. There is also no information under Monitor & Analyze > Reports > Network & Threats: Advanced Threat Protection How do I go about tracing down the issue? …
  • Changing ATP Settings: "The operation will take time to complete. The status can be viewed from the "Log viewer" page"

    Whenever I click Apply in ATP, I can see the spinning circle and after some time the message "The operation will take time to complete. The status can be viewed from the "Log viewer" page". It does not matter if I change something, add hosts or whatever…
  • ATP Event XGS

    Hello, we have the message "an attempt to communicate with a botnet or command and control server has been detected sophos xgs". This message occurred simultaneously on 2 firewalls at 2 different locations. What further measures are recommended here…
  • Clearing Zero-Day Protection log

    Running SFOS 19.5.2 MR-2 on an XG310. In the Zero-day protection section of the Control Center, it shows 0 Recent, 274 Incidents, 330 Scanned. When I click on that, it goes to the Zero-day protection logs, and I get two pages containing a total of 38…
  • ZERO DAY ALERT

    There are a number of zero day security alerts on my Sophos firewall tab coming from Chrome Installer. Any help would be appreciated! - The machine learning analysis and sandbox analysis shows no signs of bad intention and the overall file hash shows…
  • Attempt to communicate with a botnet is detected - My threat hunting thus far

    Hi everyone, so like a lot of others here I've experienced where we get the notification that an attempt to communicate with a botnet or command and control server has been detected. And it's always these same three sites: As you can see…
  • Veeam B&R 12 issue

    Hi all, upgraded customers to Veeam Backup and Replication version 12, and started seeing these on the backup copy jobs, for the remote repositories: 03-04-2023 14:29:31 :: Processing Error: An unknown error occurred while processing the certificate…
  • ATP alert

    Hello, I am getting this alert, sara-tabuk.no-ip.biz as an ATP threat. Can you assist?
  • Why is DNS over HTTPS classified as High Risk?

    In Application usage report, DNS over HTTPS is classified as High Risk. Why? I would think HTTPS is always preferable. Is it because it imposes limitations on what the firewall can see and control?
  • ATP Exceptions is not working

    Hello everyone, I have a problem with two FW (one on Azure, one XG). We have a lot of detections like this (ATP). We saw that this URL centos.brontocdn.com is legit and it's an official CentOS repo. I allowed it here: But both FW are still…
  • connection with bad ip address

    Hi, if I have Sophos XGS or XG and from LAN my users start making connections with a bad-reputation IP address, then can the firewall block it??? Is ATP the same or is it different? Can Sophos XG/XGS also consult some IOC feed???
  • XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Positive Alarm?

    Hello, we are using: Sophos XG450 (SFOS 18.5.1). During the last 2 weeks we received the following Security Warnings on 2 different Computers: What happened: A computer has sent malicious data. This suggests that it is…
  • Sophos suddenly detecting Trusteer Rapport?

    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
  • Alerts C2/Generic-A

    Dear all, we are facing a very strange situation regarding the very frequent alerts we are getting for C2/Generic-A. Most of these alerts have origin addresses from DNS servers, such as 8.8.8.8 for example, but what is intriguing is what in the details…
  • An attempt to communicate with a botnet or command and control server has been detected.

    Hi Everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
  • An attempt to communicate with a botnet or command and control server has been detected.

    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
  • Advanced Threat Protection research

    I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
  • ATP false positive?

    Hello Community, from time to time we have some false positives on ATP. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany If I check the…
  • ATP blocks all *.idv.tw FQDN queries!?

    We found all the *.idv.tw domains were blocked by ATP with XG. I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know about the issue? Shunze