Dear development team, A PUA has been detected, but the filename or hash does not provide details. I want to restore the file to check the details, but I cannot restore it unless I allow it from the event on the device management screen. It is dangerous…

We getting this alert few days ago. Can somebody help me to understand it legit or not? Thank you in advanced. Endpoint Type: Computer OS: Windows Device: HoKahMunNB Ransomware: uid: 0bcd57bb-ee99-4a28-b0d0-ec76291e25f4 family_id: 8f45804d…

Hey there New to Sophos so before i go installing on server running SQL (NOT Clustered) do i need to create any exclusions policies or is intercept x smart enough to do i on its own? if there are policies i need to create can someone guide me through…

We have a print driver that does PDF conversion of your document then uploads to our printshop. Every time someone on a Windows computer uses this driver it is opening an investigation. When I look at the investigation I can see that the print spooler…

Hi, guys Does anybody experience in file recovery that have been cleaned by sophos intercept X, actually I’m working on POC right now and one of my client’s application suspected as PUA, based on our intercept X behaviour, the file will be recover…

How to restore a threat file that has been cleaned up？ （The self-developed program was considered a threat file, so it was cleaned up during the copying process.） How can i restore the file?

Hi I have the same issue as the users in this thread. https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking…

There is one client that does nothing else than reporting WipeGuard preventions. Even for Sophos Processes. What's the use of that feature and log? Initial Detection: WIN-MITRE-Behavioral-TA0040-T1561.002

Real Time sanning is (or seems to be) causing major performance issues for our developers when they are creating a project using yarn to assemble the repositories, even if they have cached the files or have them in a local repository. Can the scans be…

We are rolling out Sophos on our servers. One server holds the software repository with company software installers and a lot of tooling for us sysadmins. As one can guess, Sophos detects several PUA's, like Nirsoft apps, TightVNC, a.s.o. We and…

All, I have a new and recent PUA outbreak for almost any .ZIP file on many systems on our network. These files have been on these drives for over two years. Many different files. Sme are ZIP files of old software that has been archived for project…

I have a couple of computers that when downloading, it will stay at 100%. will not allow you to open the file/ will not open "Show in folder".... I can go to my downloads page and I can access it and run the download from there. So after so much troubleshooting…

Why would someone want to add the directory %programfiles(x86)%\Sophos\Sophos Anti-Virus\ as an exclusion from scanning for threats in the Threat Protection Policy?

Hi, I have an aplication solution that is builded in Blazor WebAssembly, this one download DLL on the web navigator but Sophos block it with message: " 'zeus.mydomain.local/.../ExcelNumberFormat.dll' blocked due to filetype 'Windows Library File (dll…

Hello, I use an IPSecVPN / SSL VPN connection in conjunction with Sophos Endpoint Protection on the end devices in a company with around 200 employees. Unfortunately, our laptops have an extremely poor / slow connection as soon as endpoint protection…

Hi all, I got an alert from my Sophos Central saying that "Safe Browsing detected browser Google Chrome has been compromised". I clicked on the details and not much were provided. May I know how to mitigate this problem https://19216811.cam/ . Thank…

Good Morning, One of the applications we use in our organisation has started to be impacted by Sophos Endpoint Agent. I have the following error inside the SED logs... 2022-08-24T09:25:56.232Z SED Comms Error Count: 1 Process denied authorization…

Hi, We have an issue where users are unable to overwrite Creative Cloud files on network shares. For instance if the user opens a Photoshop psd, makes a change and saves the file they get the error "could not save XXXXX.psd because write access was…

J’a

Is there anything special that needs to be done for Configuration Manager to work with Intercept-X? Some (not all and it changes A LOT) computers aren't seeing deployments in Software Center. Some computers will see 5 one day then all the next. Some will…

we have a desktop users which is installed the intercept x endpoint. now for these user are facing an issue that when they open a specific link the chrome or edge is getting error pages un responsive. when try with another user from the desktop which…

Hi, We have had 2 of these notifications over the past week on two computers days apart. Can somebody please help me to understand this. Many thanks in advance. Endpoint Type : Computer OS : Windows Device : …

Hello, I have a problem with myportal@work. Filename: "myprotal @work.exe" (the blank is correct). Already globally excluded this in Sophos Endpoint. Despite this, Sophos keeps deleting the exe file. I excluded the whole folder and also the file. Allready…

Does sophos protect mapped drives on endpoints?

Good afternoon I use SyncBackFree, it creates a temporary file. It is detecting it as a virus I've been looking for documentation on Troj/DrodZp-CB and I can't find any documentation. Has something similar happened to you?