Will it be repaired?

Evening, I recently came across an issue I can't figure out how to resolve. We have an add-in for Excel that causes Sophos Endpoint to kill the program with a "StackExec" (MemProt) exploit prevented in Excel. Up until now we've just added the detection…

I have followed the steps for a Global Exclusion to allow downloading the file Tron v12.0.5 (2023-02-02).exe. However, when I try to add it as a PUA, it won't allow me with the error message "PUA name is not valid". I've tried wildcards but that doesn…

Hello everyone, i am looking for a option to restrict the download of compressed files via Sophos Intercept X Advanced. In our XG 230 we set the filetyp "Compressed Files" to "warn" and it works as desired. But we also have a few notebooks that leave…

Apr 17, 2023 8:19 PM Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg' How can I effectively exclude onepkg false positives across my organization when the path and hash…

Hello Community, i have two NDR VMs active at two locations. Now one of them works just fine, capturing packets from our network switches and uploading them to Sophos Central. The other one also captures packets just fine, but doesn't want to…

Recently we noticed that we are receiving over five detections on a given day for Stack Exec . The threat graph for all detections are identical with the root cause been Microsoft Office 2016. The reputation for Microsoft Office is good and the file is…

Hola a todos Tengo un servidor windows 2019, con el agente de sophos intercep X Advance instalado, los usuarios reportan lentitud a la hora de navegar, realizando diferentes pruebas con medidores de velocidad de internet instalados en el servidor…

Hello everyone, I have a question. Some of your users needs to run a Python script (through VBA, command prompt or Python prompt). At the moment it gets blocked by Sophos. What's the best way to tackle this problem and allow this script to be run? …

We want to use a comment function in a "normal" Policie. If we click on "Add Exclusion" there is no field to comment something.

We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any…

How to detect Microsoft Office documents spawning processes? Such as: PowerShell CMD WMI MSHTA Etc.

Hi Team, We have some systems where Sophos clients are running and considering below path suspicious. PathC:\Program Files (x86)\Avantium Technologies\Crystal16.exe I have created global exclusion in two ways:- 1) Based on File or folder (Windows…

I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR has started generating an Investigation after each use. Has anyone else seen this of have any insignt? Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009 Risk 6 Category:…

Most of the customer has Performance issue while in complete scan. is there any option to set priority or performance control in Sophos agent option for complete scan.

Good morning (NZ Time) We are an IT support business We use connectwis's screenconnect product to remotely support all of our clients, and have done for 6 years. From Yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below…

From this morning's New Innovations email: "Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that…

We are in the process of rolling out Central Intercept X Advanced with XDR and MTR. Developers have complained that Sophos makes their Windows machines sluggish. Same behaviour does not exist or is not as bad on Mac machines. We have been able to reduce…

Hello, I have been asked by a customer if there is a document which thouroughly explains how 'Protect critical functions in web browsers (Safe browsing) works but cannot seem to find anything. Does such a document exist? Thanks, Lee.

We have an issue where if our users want to use a Hotel, Conference Centre, or Airport Lounge’s Wi-Fi they can’t because the Wi-Fi network’s internal logon splash screen is blocked as ‘Uncategorised’ by SOPHOS Central Web Protection and we don’t allow…

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview If you find that the SophosFileScanner.exe process is…

Hi, I work in an organisation environment where we have a variety of user laptops and are running Sophos Endpoint. Products Core Agent 2022.4.1.1 Sophos Intercept X 2022.1.3.3 We have been experiencing an issue with one device , a Lenovo…

Does the Sophos File scanner scan files in a WSL1 installation? Those files are available to Windows at \\wsl.localhost\ Thank you, Carlton

We've recently updated to Endpoint and have an unusual issue with one of our users recently migrated to Win10 and Endpoint. Whenever they attempt to launch Volunteer Reporter by Volsoft it is blocked by Sophos. I am awaiting a local screenshot from our…

I am only able to access a Hyper-V server from the Hyper-V Manager on the physical host. When the connection is established, I can use MSTSC from my local Windows 11 machine to connect to the server and take control of the session. However , if I attempt…