• Intercept X - do process exceptions also exclude exploit mitigations?

    vvovva
    Hi Community, if I add an exe file to the process exceptions, will it still get checked for exploits? Thank you!
    • Answered
    • over 2 years ago
    • Community Chat
    • Discussions
  • No Alert is triggered when a server's endpoint install stops checking in.

    Steve Klassen
    I have brought this up before and submitted a request on it... however I need to bring it up again. It is a huge miss, that my server's install of the endpoint software was not checking in to SOPHOS Central for 2 months, and no alert was triggered.…
    • over 2 years ago
    • Sophos Central
    • Discussions
  • Random RDP Dropouts

    acs
    Hello All. Have a client that has a mix of full fat and thin clients, the full fat clients being W10 Pro are connecting into a RDS server. What I am noticing is that one computer is randomly experiencing RDP dropouts. Initially thought it was the NIC and…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Web filtering sophos intercept x android

    Sohan Ray
    How does sophos web filtering in Android work? Does it only filter based on blacklisted urls in the database? Or does it perform real time scans of the websites underlying code to detect malicious websites?
    • Answered
    • over 2 years ago
    • Sophos Mobile
    • Discussions
  • Attack Surface Reduction mitigation re: LSASS Memory credential dump attack

    Matthew Smith3
    This article https://attack.mitre.org/techniques/T1003/001/ lists several mitigations against an LSASS memory credential dump attack, one of which is ASR (Attack Surface Reduction). The mitigation is described as Behavior Prevention on Endpoint and links…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Windows Update Query

    Sophos User5832
    Hello - Does anyone have a query they have used to see if Windows Update is running on an endpoint?
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos MTR

    FormerMember
    Hello All. So more and more cyber insurance questionnaires are asking for SIEM SOC and 24x7 monitoring. We have been using Sophos Advanced Intercept-X for years and have been relatively happy with it. We considered the XDR option but that means we need…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Intercept X

    tam siryu
    Could anyone let me know the main features which are available in Sophos Intercept X (this is for presentation purposes; it would be great if anyone could explain them to me briefly, if you know) https://192168ll.link/ https://routerlogin.uno/ thanks in advance …
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos ML Engine (64-bit) failed to install

    JC12X
    Hello, I am new to Sophos and System Administration in general. Over the weekend, I got several notifications that some of my servers had failed to update Sophos. Below are some error snippets I've identified from the installation log: %ProgramData…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Central - SSPService.exe - high RAM usage

    Thomas Gothe
    Hello everyone, the following basic information: HP 449G3 238 AiO System Windows 10 20H2 Intel Core i57500T 2,7GHz 8 GB RAM Sophos Core Agent 2.20.11 Sophos Endpoint Advanced 10.8.11.4 Sophos Intercept X 2.04.24 We have all of our computers on…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Central Endpoint: Wonder how to perform initial troubleshooting for connection issues with Live Response

    BenedictSiu
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________…
    • over 2 years ago
    • Sophos Endpoint
    • Recommended Reads
  • Detections: MS Store App with Defense Evasion Asynchronous Procedure Call

    pfeffex
    Hi, maybe somebody can help me to identify what's going on. I have one workstation with an official MS store app "Your Phone". Sophos detects a RISK 7 level on this command: "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22012.160.0_x64__8wekyb3d8bbwe…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos interfering with NodeJS processes on Mac OSX Big Sur

    FormerMember
    Ever since I upgraded to Big Sur, I've noticed that Sophos has begun to interfere dramatically whenever I run Jest tests. CPU usage for Sophos spikes to around 400% when running even a modest Jest test program, with 71 tests currently taking 98.6 seconds…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Troj/JenxLnk-B

    adithya turaga
    Hi guys, I recently inserted a USB stick in my computer and Sophos immediately recognized it as a virus and it said it cleaned it. My paranoia got to me and I did a full scan and it said my PC was clean, but later on the internet I was going through…
    • over 2 years ago
    • Sophos Central
    • Discussions
  • Some clients fail to update livequery64 when connected via Cisco Anyconnect (Error 1053)

    Patrick_S
    Hello there, we got three laptops where the error message "Failed to install livequery64: general error" is displayed. The affected clients are connected via Cisco Anyconnect (VPN). One client which reported the error on Monday was directly connected…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • how to check if policies / exceptions are applied to endpoints?

    chaosweb2
    Hi guys, having a (performance) problem with an application. I built a new policy / enhanced the Base Policy and added some (file and process) exceptions. How can I check on one particular client if these exceptions are working as they should? Using…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Unable to uninstall Sophos from RDS

    Boon Hong Wong
    Why is Sophos asking for Malwarebytes file when I attempt to uninstall it?
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Unable to disable Tamper Protection

    Boon Hong Wong
    Unable to disable Tamper Protection on a Server, despite it already being disabled in Sophos Central Admin. Even when override Sophos Central Policy for 4 hours to troubleshoot is checked, none of the sliders (including Tamper Protection) can be activated…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Toast Notification

    acs
    Hello I can see this has been requested many years ago but can we not have a toast alert popping up to remind users to reboot their machines when the AV engine needs a full system reboot? Yes I can see this within the Sophos Endpoint control panel…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • limit disk usage? high usage when scanning files (> 95%)

    Alex Merli
    Is there a way to limit the disk usage during a Sophos antivirus scan? We have machines with always active background programs that open and close communications with other machines, but if they have saturated resources, sometimes errors occur and operators…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos AV

    shini uzumi
    Has anyone experienced the Network Threat Protection service seemingly will stop and restart at will across multiple machines? There are a couple devices that it doesn't restart automatically on https://100001.onl/ https://1921681254.mx/ but the alerts…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Web control - endpoint or firewall?

    Jakub Kavka
    Hello, which product will be better to use in case of Web control? With the new agent rolling out by the end of the month there should be an option to use Web control right on the endpoint. Does this mean I should use only one Web control or filtering, combine…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • A quick fix when Sophos endpoint blocks LAN and WAN connections due to service failure

    Sarbrinder Gill
    Hello All, What is a quick fix when Sophos Endpoint service fails to start and the endpoint is blocked on LAN and WAN due to security heartbeat? This happens on random PCs especially when the software is updated. How to start the service. …
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Intercept X Endpoint Sysprep

    Kaan Demirsah
    Hello, I am trying to generate a windows 10 image by sysprep, I install the sophos antivirus with the respective step by step to generate the golden image ( https://support.sophos.com/support/s/article/KB-000035040?language=en_US ) and after this I…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Remove Global Exclusion

    Andrew Thompson5
    Hi, We have a Global Exclusion set for an executable file. We now no longer want this exclusion to take effect. I can't seem to find a way to delete the exclusion. Can anyone help with this? Many thanks.
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions