SURF Launch Webinar – Q&A

Table of Contents

Will SURF be compatible for use on Windows 11? Are there plans to support other OS options in the future?

  • We will make sure that SURF is able to be used on Windows 11. At this stage, there’s no plans to import the SURF application to macOS or Linux – however, SURF does consume SDUs from those platforms.

Are there any limitations on the size of the SDU or CTRs to be processed?

  • No, although larger ones can take longer. If you’re experiencing issues with time, please go to Settings and turn off Log Consumption during SDU Processing.

Can SURF detect misconfigurations on the Sophos Firewall? How about invalid traffic or routing problems?

  • What SURF can detect is defined by the rules created and published by our GES team. If you want a specific rule to be created – please use the feedback form in SURF under ‘About, Feedback’ and suggest it.

Is SURF available? Is this tool publicly available or limited just for Sophos Partners?

  • This tool was created for Sophos and Partners. There’s no license required to use SURF.

What are the system pre-requisites to install and run SURF?

  • SURF is compiled to run on Netframework 4.6.1. It comes with its own copies of the dlls it needs and also has a copy of Notepad++ included with it.

Will SURF also be available in Sophos Central Dashboard? Can it be automated to run in combination with an SDU in Sophos Central?

  • We have not explored this as of yet. However, if there’s an interest in this we can look into it.

How frequently will SURF be updated?

  • SURF is updated whenever we need to do an improvement or add a new feature.

How long does it take the SURF tool to analyze a SDU/CTR file?

  • This really depends on the size of the target file. The longest run element is the detection engine and I have been working on a lot of optimizations on it – a new release is coming soon that will have these improvements.

How can I learn more about how to use SURF? Will there be any additional training resources?

  • We have provided a user guide which is available in the Partner Portal, but we haven’t planned any additional training. If you are interested in this content – post that in the community group.

Will SURF be compatible with other Sophos Central products in the future? Ex: Sophos central mail protection.

  • Not at this time. However, we can look into this.

Will SURF provide tips on security best practices?

  • SURF doesn’t offer an opinion on the settings – it just shows what they are. 

Is SURF, a free tool?

  • Yes

What products is SURF compatible with?

  • Right now, it consumes data from endpoints and SFOS. This includes CDE on the endpoint. If Partners want other products to be included – please use the feedback form to suggest that.

Does SURF require admin rights to update?

  • Not in general, however, this is dependent on the specific permissions your system has.

Could you outline some best practice diagnostic tips for using SURF?

  • When investigating a detection – check that the user is reporting the symptoms listed in the KBA to make sure you are dealing with the correct problem at hand.
  • Use a SDU/CTR from a system with the issue and one that doesn’t have the issue so you can compare the differences.

What is the Login feature for?

  • This for Sophos Tech Support Engineers to log in to get the rules that are in test for internal use only.

Does SURF need an SDU or CTR file?

  • You can run rules against any folder with logs in it but you will be missing a lot of context. An SDU or CTR is suggested but not required.

[edited by: FloSupport at 5:21 PM (GMT -7) on 1 Jul 2021]