Browse By Tags

  • Is it possible to exclude a process from data lake detections?

    Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
  • Since the 28th of October I've been getting a message stating a scan will start. I perform a scan and nothing is found but every day I get this message.

    Sophos Home, Since the 28th of October I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but every day I get this message. The file mentioned in the history is, C…
  • IPS FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt

    Good day members. I trust you are well. Our IPS report on Sophos Central shows the following IPS report. I have traced the IP back to a Microsoft data center. I would like to know if this is a false positive, as I have scanned the computers multiple times…
  • USB Restriction Policy in macOS 14 Sonoma not working

    Hello, I wanted to see if anyone else is having issues with restricting USBs in macOS Sonoma. I am currently on Version 10.5.1 for Sophos and on macOS Sonoma 14.1.1. Currently, I have the Peripheral Control set to Read Only for Secure removable storage…
  • Block or log if a user runs any VBA macro in Office

    Hello, Is it possible to log or block if a user tries to run any VBA macro in Office applications? Regards.
  • block all VPNs

    Hi everyone, I was wondering if there is a way to block all the VPNs using Sophos Central? I have the web filtering based entirely on Sophos Central, and it seems okay so far. One of our customers wants all the VPNs blocked on the endpoints something…
  • Can't add application

    Hi, I want to add an application on device SJ32ACC but it told me error adding application, and I allow by SHA256 & key application used by most organisations, could you help me to fix this issue, thx?
  • A device is not encrypted - Alerts when enrolling new endpoints are creating noise.

    Hello, To give context, our leadership and information security team are concerned with alerts that are coming from Sophos. Their concerns are valid considering the email titles are: Alert for Sophos Central [*****]: A device is not encrypted. However…
  • Can PSTools be excluded for a single machine (for Sophos admin)?

    Just as the subject asks: Can PSTools be excluded for a single machine (for Sophos admin)? if so, how can I create that exclusion so that it's not alerting every time I try to download and install it? I don't want to create a global exclusion because…
  • Block Google Accounts

    Hello, I want to block accounts.google.com - docs.google.com etc. I successfully blocked Google Docs but when I try to block Google accounts, I can still reach that webpage somehow. I'm trying from website management. What should I do? Regard…
  • Peripheral control

    Ave collegae! Is there a way to - see / check per device (/user) - what peripheral(s) had been blocked - allow one or more of the blocked device(s) the customer prefers GUI Salvete hRy
  • Network threat Protection - Blocking PowerShell Login to MS Compliance search via the Localhost browser address

    Open PowerShell 7 Connect-IPPSSession -UserPrincipalName User@domain.com MS login process starts by trying to open a browser window with a localhost address and a random port. The connection is refused and the login process to MS stops localhost…
  • Sophos Endpoint Protection - Application Control

    Hello everyone, I miss the functionality of the application control in the endpoint protection that is available with SFOS. Although there is an application control, it can “only” control which applications on the system are allowed or denied for running…
  • How to change "Base Policy - Update Management" from "Recommended" to older FTS without downgrade

    Hi, we have our default "Base Policy - Update Management" policy which is applied to most of our endpoints set to "Recommended" software package versions. We would like to change this to latest FTS and leave the latest "Recommended" package setting…
  • Sophos encryption problem

    Hello, In our company, we have a policy of encrypting PCs with Sophos Encryption. Everything was going smoothly until last week. The PCs were initially encrypted with BitLocker in AES 128 by Windows. Consequently, I disabled the encryption, and then…
  • Tamper Protection Removal Tool

    Hello, We had a previous IT company that we have dropped and they supposedly removed Sophos Endpoint Protection on 200+ devices but we found it on 145 ish devices. They won't give us access to the portal and they are stating there is nothing they…
  • Manual malware cleanup required: 'Unknown Threat' at 'null'

    Hello. On some Sophos endpoints the following error appears "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
  • Outbreak Mal/HTMLGEN-A

    We have several clients accessing this website. The message in Sophos: The root cause tried to access a URL known to be associated with malware. URL: rinozuid.anewspring.nl/jsonrpc Is this website actually a risk or is this a false…
  • Sophos endpoint using high CPU when updating Windows

    Hi Sophos team. I have an issue with Sophos endpoint. The computer is so lagged when updating Windows. Sophos endpoint defense software and Sophos file scanner took over 50% CPU, do we have settings to bypass scanning updates from Windows? The endpoint…
  • Sophos machine learning doesn't work?

    I'm doing a POC with CrowdStrike and on the test computer we received a file that was detected as (RegistryPersistEdit) by CrowdStrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
  • Failed to install component NTP64: 8000ffff

    Sophos NTP64 installation fails on Server 2019 Standard, see error log below: 2023-10-16T12:13:04.0582833Z INFO : Running C:\Users\FBS_AD~1\AppData\Local\Temp\SophosSetup-1000217844\Setup.exe 2023-10-16T12:13:04.0582833Z INFO : Stage 1 command…
  • Endpoint webcontrol category lookup

    Hello there, Is there any tool to lookup URLs and find their classified categories for use with Central Endpoint WebControl? The categories don't match up with SFOS categories and the explanation of the categories, while verbose doesn't provide…
  • Device Isolation

    Earlier today we tested out device Admin Isolation since we have never used it. Isolated just fine, but now cannot remove as the Isolation "status" has shown "Isolating..." for the last 5 hours. Health is Green and does not and never did show up in Admin…
  • How long does Sophos Central try to isolate offline computers?

    Hi, using Intercept Advanced X, from time to time we want to isolate computers which aren't online at the moment. How long does Sophos Central wait for the computer to be online again? At some point, it just gives up, want to know when I have to recheck…
  • [DE,EN] Exclude a drive redirected over RDP, RDP redirected drive exclude

    [DE] Hello everyone, today a customer described to me the problem that when trying to burn a CD in his Remote Desktop session using Windows (drag and drop), the process aborts and thus makes the CD unusable until it is reformatted…