• Sophos affecting the Finder on Mac when connected to a Windows server

    Gerald Horn
    Has anybody seen Sophos Intercept X with XDR affecting the drawing of icons in a Finder window on a Mac when connected to a Windows server? I have Enable Real-time Scanning On but Remote files is set to Off on a Mac policy.
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • cookieguard is no longer valid

    ong! L
    Recently, it was found that someone frequently tried to log in to our webpage background, but failed. After several days of investigation, the company found out internally that the browser data was stolen, and then found that the cookieguard module was…
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Inquiry Regarding Remote Wipe Feature for Laptops

    Michael9609
    Dear members I hope this email finds you well. I would like to inquire if Sophos offers any remote wipe functionality for laptops in case of loss or theft. If so, could you provide more details on how this feature works and its requirements? Thank…
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • DLP to check about various external domains in an e-mail message.

    Cleber Vicentini
    Hi, Anyone knows how to configure Sophos DLP, or other tool, to check fields To, CC, Bcc for existing multiple external domains? Example: TO: cccc@gmail.com;bbbbb@hotmail.com In cases when more than one external domain is found, stop to send e-mail…
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • File control by extension

    Alves
    Hi guys, Is it possible to block certain files when they are executed? For example, block all .EXE files when they are clicked
    • Answered
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • About C2_10a (T1071.001) Detected on the server

    ong! L
    Endpoint appears as malicious behavior, but shouldn't detecting c2 be the purview of IPS? Why is it showing malicious behavior? Or is the ips module already involved?
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint SSL/TLS Decryption - managed exclusion list

    Stefano Tortiello
    Hi, is there a managed exclusion list for the Endpoint SSL/TLS Decryption module? I only found the possibility to add custom URLs as exclusion. We use Sophos Firewall as well and there is the URL Group "Managed TLS exclusion list" with a bunch of…
    • Answered
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Local log write error

    ong! L
    The web anti-virus detection logs are written in the IPS logs at .....
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Can we add CIXA for 20 user license and Cixa xdr for 30 user in one Sophos central portal

    DevK
    Can we add CIXA for 20 user license and Cixa xdr for 30 user in one Sophos central portal
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • In Sophos Central on a single device Last User shows a user that is not logged in, and who doesn't have internet usage rights. And because of this the logged in user who has internet rights is being blocked.

    Shawn Adams
    And even with 6 or 7 new starts the device still shows the wrong user in central. When I look up the correct user it shows 0 devices in the management studio. The user is local user in windows is logged into their Microsoft account and is synced with…
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • Possibility to trace back for older avdb signatures

    Kumar Bavandla
    Big thanks for the answers to my queries in the suitable product for scanning files, folders on RHEL with no internet connectivity - Discussions - Sophos Central - Sophos Community ticket. I have two follow up questions and I prefer to ask in a separate…
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • False trigger or a potential threat?

    Maroun Moussallem
    Hello, it's been a while but recently I encountered the same trigger. Endpoints are not sending heartbeat signals anymore to the firewall. No documentation on how to work around this issue. Any idea? Thank you.
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • INTERCEPT X DETECTIONS

    Ahmed Khalil Abidi
    (Browser-Specific): Threat Protection policies only detects malwares in Firefox when accessing the eicar website but failed to detect it using Chrome. also, what is this behavior, it keeps detecting the malware, cleans it, but never kills the sophos_hips_test…
    • Answered
    • 2 months ago
    • Sophos Endpoint
    • Discussions
  • Port scan detection internal network

    @wajdiaa
    Hi, Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source. I'm posting this in endpoint as well. Thanks…
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • sophos endpoint defense software exchange 2016

    Sebastian Mair
    hi, since friday we have high cpu with the sophos endpoint defense software process. windows server 2016 sophos central server core version: 2024.2.2.1 after disabling all the features the cpu is back to normal.. any ideas?
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • RE: Blocking Controlled Items Prompts for Problems

    ong! L
    One more question, how to customize the tamper protection password?
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Lockdown exclusion for one specific *.exe

    NXKI
    Hello all, I need help with something I struggle for some weeks now. Sophos is currently blocking some users action with a lockdown event for a program we use. I whitelisted the detected lockdown event from the event log (Exclude this Detection…
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Debugging in Lazarus/fpc is slowed down by HitmanPro.Alert service

    Domenico Mammola
    Hello, starting from today (27/08/2024) debugging in Lazarus ( https://www.lazarus-ide.org/ ) with Free Pascal Compiler ( https://www.freepascal.org/ ) as backend is getting tremendously slow. If I disable the HitmanPro.Alert service everything runs…
    • Answered
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Microsoft Skype high cpu usage with Sophos Endpoint

    MysteriousDT
    Hi! I noticed (about since 2 weeks) Microsoft Skype running in background, periodically causes high CPU usage with Sophos Endpoint ( Sophos File Scanner Process ). Is there any other people here who experienced this?
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Editing exclusions leads to deletion - is this a known bug?

    Björn Vermöhlen
    Hi! I just found a bug in the Sophos Central dashboard and could not find it in the known issues list. Here's how to replicate the issue: 1. Create an exclusion of the type "Exploit mitigation", choose an application and deactivate at least one of…
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • Sophos Central + YARA

    Mansoor Ahmad
    As residents of Saudi Arabia, SAMA provides us with YARA rules for threat detection. How can we effectively create and implement our own query within Sophos Central to scan for these YARA rules? What are the best practices and challenges associated…
    • 3 months ago
    • Sophos Central
    • Discussions
  • suitable product for scanning files, folders on RHEL with no internet connectivity

    Kumar Bavandla
    Hello We are looking for a suitable Sophos product for our usecase. Have gone through the documentation, however would like to confirm below: Usecase: a. System is RHEL7.9 and RHEL9 b. Looking for an on demand scan capability to scan files/folder…
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • Are you not going to update your machine learning engine?

    ong! L
    https://docs.sophos.com/releasenotes/index.html?productGroupID=esg&productID=sesc_interceptx&versionID=allVersions The last update was in 2021, what are you doing?
    • 4 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos File Scanner is using around 80% of RAM

    Akito Galicia
    sdu-feedback.sophos.com/.../8411bb8c-c089-47fa-a58a-761c3367caa5_2024-08-21-00-29-40.zip
    • 4 months ago
    • Sophos Endpoint
    • Discussions
  • MacOS Sophos updates failing - you don’t have permission to access “CID”

    LHerzog
    We have an increasing number of devices that are outdating. While we cannot really see issues on the endpoints, and Central shows most of the Macs as nice and green, deeper in the Central logs we see a bunch of strange update errors like: Low,"2024…
    • 4 months ago
    • Sophos Endpoint
    • Discussions