• Sysinternals and Nirsoft detected as PUA

    Ingo Buyny
    Ingo Buyny
    How can i exclude these apps from being detected as PUA? Do i have to exclude every single app one by one?
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Application with "conf.json" blocked without events

    Thomas_LSW
    Thomas_LSW
    Hi, I have a Application with unc path "\\server-01\test$\xyz.exe". The shortcut of the application is in the same folder with "conf.json" in it. Sophos Central blocked this program without any events! Can anybody help ? best regards, Tho…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • A lot of WMV files deleted since last weeks for unknow reason

    Sophos User3113
    Sophos User3113
    Hello, since last week, for unknown reason our Sophos Endpoint delete all WMV files on computers. This is the event : Malware detected: 'W32/GetCodec-A' at 'XXX\Intro discours.wmv' Any idea why it's happen now?? I already created a ticket to…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Malicious Behaviour (PrivGuard) detected

    Ingo Buyny
    Ingo Buyny
    Hello, i use gsudo.exe with Windows Terminal to start CMD or Powershell with administrative rights but since i use Sophos Endpoint it shuts down the Terminal app every time the gsudo process opens a new tab. The Error message is "Malicious Behaviour…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Data Control - Data Loss Prevention Policy

    Nicholas Pelczar
    Nicholas Pelczar
    We are a SEC shop but making the transition to the Sophos Cloud. We have used the data control policies in SEC for years to monitor local activity on individual machines. Unfortunately the same rules and policies on SEC fail to allow Outlook to open in…
    • over 2 years ago
    • Sophos Central
    • Discussions
  • Sophos Intercept X identified fsquirt.exe as ransomware and then all traces of the alert are gone?

    Mark Andrich
    Mark Andrich
    We received a high alert on one of our workstations. The user was transferring files from their phone via Bluetooth. CryptoGuard detected ransomware in C:\Windows\System32\fsquirt.exe We ran a scan and it came up clean. There's nothing in the…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
<