We have created a custom query to allow us to find specific file names and path on any system within our tenant. SELECT file, path FROM sophos_file_journal WHERE file LIKE '$$Filename$$'; This is very temperamental, as it will sometimes return a result…

I've seen a few posts already about this but nothing in recent years. I've turned on Application policy to try an prevent misuse of PowerShell and other tools. However its raised a large number of regular (hourly) alerts on most of the endpoints. Suggests…

I wonder what the Status in the Encryption dashboard means: under which circumstances is it showing "Not encrypted" and not encrypted & "Unmanaged"? On the screenshot all have the encryption module installed, except one computer. The filter is …

Hello, unfortunately we have a little problem with the endpoints policy. So far we had blocked powershell for all users and groups via the base policy. But since we need powershell for certain scripts this way can't work for us. We tried to block…

Hello everyone, yesterday I saw for the first time an entry at "Web Threats Blocked". It shows me that a "High Risk" website was blocked. But sadly in this overview is not date and no information what website exactly was blocked. Is there an option…

Sophos no deja entrar a mis usuario a una pagina de gobierno ( egob.finanzas.cdmx.gob.mx/.../a ) porque una aplicación que usa la categoriza como "Mal/HTMLGen-A". Ya puse la pagina en una whitelist y nada.

The detections section in Threat Analysis Center is filling with many of these events caused by MDR checks. SRP seems to be related to Microsoft Software Restriction Policies. What is the intension of this check? "COMPLIANCE-SRP-DISALLOWED-PATHS…

I would like a setting from Sophos central to have block Bluetooth but only connect Bluetooth headphones which only transmits 2-way (in and out) audio but no data or file sharing. It is Possible or not...? If it possible then please guide me...!

Hallo, gibt es eine Möglichkeit eine Liste der Peripheral des jeweiligen Central Accounts zu erhalten um zu sehen, wann welche Peripheral zuletzt benutzt wurde, bzw. welche gar nicht mehr genutzt wurde? Der Peripheral Report zeigt leider nur die letzte…

Is anyone else noticing issues with SSL inspection recently? we've just had the new core agent 2023.1.0.73 deployed on our estate and seeing a vast amount of websites being blocked 'the encryption used by this server hosting the URL is insecure' downgrading…

hi all, is there a way of disabling tamper protection via cmd ie once i have the number via sophos central can i make a cmd bat script and disable it thanks, rob

Hi, I have Central managing over 8800 active endpoints, we use Peripheral control. There are close to 24000 peripherals listed in our organisation, 2180 of which are currently allowed. I have historic data going back 4 years. To find new events…

Hi everyone, I'm starting to find a few limitations in the Sophos central endpoint web filtering. Is there any way to find out if a url is in a particular web category when using sophos central? Also could sophos central report on all web browsing…

Hi everyone, If we disable the tamper protection on the device itself, how long does it takes before it is actually disabled? After disabling it, we still cannot uninstall the Sophos Endpoint. Jo

Hi team, Is there any option to control (Block) Network storage services(NAS). And to block users using local Hardisk to store the data(Only store the data in MicrosoftOndrive) - To block internal harddisk. kindly help me to achieve above things.…

Hello All, I have been trying to create custom queries in Sophos Central for finding IoCs (SHA1 and SHA256). Can you please help me build query for the same? Regards, Jenil

I upgraded my subs to XDR and looked to following video: https://vimeo.com/519661823 Unfortunately I do not see tables mentioned there like: Data Lake hydration queries query result List all EP and XG FW Tables Windows programs Inventory search…

I have mixed Mac and Windows environment. So far I scheduled weekly two queries: Pending macOS updates Data Lake Pending Windows updates Data Lake Do you have any other recommendation what makes sense to run using the schedule ?

Hello, Just upgraded my license to XDR and now under detections I see many level 4 warnings like: SRP path rules missing. Secure boot supported but not enabled. DEP is not Admin Opt-out or Always-on. Applications with special compatibility…

Hi, Endpoint is blocking Web. WhatsApp on a single user although all users seem to be running it fine and I have added an exception of web.whatsApp in chats categories and called it in Policies settings. Web WhatsApp page loads correctly but after…

Hello, i want to block drive services (google drive, yandex, cloud etc.) I've already blocked them on my firewall but when user connects to another network, user can still use drive services. Is there any way to prevent user to use drive services…

Hi team, Help us to get report in Web control policy violators with username and categories. Is it possible?

Translator Hi, i want to join a script.py to my Sophos Central in Device Encrytion , it will automatically detect a type of my office document (Public, secret and confidential) and make the encryption with it.

Hola comunidad, Tengo la siguiente duda: ¿Es posible que desde Sophos central se bloquee el servicio de impresión por red? Gracias por su ayuda.

Hi We have Sophos Central in our environment. Peripheral Control is enabled everything works as it should however we are unable to update create or delete files on our peripheral devices. Is there perhaps a setting that we could change to help solve…