• Scheduled Scans

    Lee Wolstencroft Personal
    Hi, Quick question with regards to scheduled scans. Each time a scan is run does it do a full scan each time or is the previous scan cached so it only scans changes? Thanks, Lee.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • OneNote false positives in Google Drive File Stream files stored locally on machines being detected

    Marvin Mathieu
    I have been having an issue with OneNote files being detected as false positives and to prevent half of the detections from happening, I excluded all OneNote files with the file extensions *.onepkg and *.one.backupconsctruction globally regardless of…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Scheduled Scan is deactivated in policy - keeps getting started

    DnielTamb
    One of our customers wanted to deactivate the Sophos Scheduled Scan on the client devices. I changed the settings in the Threat Protection Base-Policy. But the clients still do a weekly scheduled scan. Is there any other option in the policy settings…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\Sophos\Endpoint Defense\SophosCleanup.exe

    Lim Woei Kang
    Dear All, I'm facing a CryptoGuard detection on sophoscleanup.exe: "CryptoGuard detected ransomware in C:\Program Files\Sophos\Endpoint Defense\SophosCleanup.exe". Has anyone encountered this issue before?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Can Sophos block Rorschach ransomware?

    TimChen
    Can Sophos block Rorschach ransomware? www.trendmicro.com/.../an-analysis-of-the-bablock-ransomware.html
    • over 1 year ago
    • Sophos Central
    • Discussions
  • The popover of endpoint software in simplified Chinese system is garbled

    ong! L
    Will it be repaired?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Endpoint Protection not applying global exclusions

    TheDrew2022
    Evening, I recently came across an issue I can't figure out how to resolve. We have an add-in for Excel that causes Sophos Endpoint to kill the program with a "StackExec" (MemProt) exploit prevented in Excel. Up until now we've just added the detection…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Can't add PUA Exclusion

    SteveGross
    I have followed the steps for a Global Exclusion to allow downloading the file Tron v12.0.5 (2023-02-02).exe. However, when I try to add it as a PUA, it won't allow me with the error message "PUA name is not valid". I've tried wildcards but that doesn…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Blocking/Warning compressed files - Intercept X

    Jonas Stadler
    Hello everyone, I am looking for an option to restrict the download of compressed files via Sophos Intercept X Advanced. In our XG 230 we set the file type "Compressed Files" to "warn" and it works as desired. But we also have a few notebooks that leave…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How can I exclude a false positive for onepkg files if the Hash and Path is different for each user?

    Marvin Mathieu
    Apr 17, 2023 8:19 PM Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg' How can I effectively exclude onepkg false positives across my organization when the path and hash…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos NDR "bootlooping"

    Thorben Paulik
    Hello Community, I have two NDR VMs active at two locations. Now one of them works just fine, capturing packets from our network switches and uploading them to Sophos Central. The other one also captures packets just fine, but doesn't want to…
    • Answered
    • over 1 year ago
    • Sophos NDR
    • Discussions
  • How to reduce Stack Exec detections

    Daina McFarlane
    Recently we noticed that we are receiving over five detections on a given day for Stack Exec. The threat graphs for all detections are identical, with the root cause being Microsoft Office 2016. The reputation for Microsoft Office is good and the file is…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Network threat protection limits the browser's internet speed

    Hernan Vasquez
    Hello everyone, I have a Windows 2019 server with the Sophos Intercept X Advanced agent installed. Users report slowness when browsing. Running different tests with internet speed meters installed on the server…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Question for in-house made Python script

    Jo Vanattenhoven
    Hello everyone, I have a question. Some of your users need to run a Python script (through VBA, command prompt or Python prompt). At the moment it gets blocked by Sophos. What's the best way to tackle this problem and allow this script to be run? …
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How can we comment an exclusion in a Threat Protection Policy?

    Marcel Saggau
    We want to use a comment function in a "normal" Policy. If we click on "Add Exclusion" there is no field to comment something.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • "Policy non-compliance: Exploit Detection" Alert disappears with no information of what was the cause

    Edward Burnside
    We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How to detect Microsoft Office documents spawning processes?

    Bill Elkin
    How to detect Microsoft Office documents spawning processes? Such as: PowerShell, CMD, WMI, MSHTA, etc.
    • over 1 year ago
    • Sophos Central
    • Discussions
  • 'APCViolation' exploit prevented in crystal16

    Parag Shukla
    Hi Team, We have some systems where Sophos clients are running and considering the below path suspicious. Path: C:\Program Files (x86)\Avantium Technologies\Crystal16.exe I have created a global exclusion in two ways: 1) Based on File or folder (Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Using LogMeIn Rescue Generates an Investigation

    Matt Schmitt
    I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR started generating an Investigation after each use. Has anyone else seen this or have any insight? Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009 Risk 6 Category:…
    • Answered
    • over 2 years ago
    • Sophos Central
    • Discussions
  • Complete scan performance issue

    Anishkumar C
    Most of the customers have performance issues while in a complete scan. Is there any option to set priority or performance control in the Sophos agent options for a complete scan?
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Central - False positive - Connectwise Screenconnect - a Thoma Bravo Company - Same as Sophos

    Dennis Jones
    Good morning (NZ Time). We are an IT support business. We use ConnectWise's ScreenConnect product to remotely support all of our clients, and have done for 6 years. From yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Adaptive Active Adversary Protection

    Laureen Hart
    From this morning's New Innovations email: "Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos RT File Scanning Significantly Slows Chrome

    Patrick Kobly
    We are in the process of rolling out Central Intercept X Advanced with XDR and MTR. Developers have complained that Sophos makes their Windows machines sluggish. Same behaviour does not exist or is not as bad on Mac machines. We have been able to reduce…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Protect Critical Functions in Web Browsers (Safe Browsing)

    Lee Wolstencroft Personal
    Hello, I have been asked by a customer if there is a document which thoroughly explains how 'Protect critical functions in web browsers (Safe browsing)' works but cannot seem to find anything. Does such a document exist? Thanks, Lee.
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Allow access to uncategorised Wi-Fi network splash screen logons

    David Rowan
    We have an issue where if our users want to use a Hotel, Conference Centre, or Airport Lounge’s Wi-Fi they can’t because the Wi-Fi network’s internal logon splash screen is blocked as ‘Uncategorised’ by SOPHOS Central Web Protection and we don’t allow…
    • over 1 year ago
    • Sophos Central
    • Discussions