When I made a scan using virustotal for the site haagtech.se I get a few red flags. Sophos is one of them.
The scan looks different if I use my phone compared to a computer. On the phone Sophos has its own line, but on the computer it shares a line with…
Now this mode only has observation mode. I hope to add interception mode in the future; for example, if the high risk level exceeds a certain score, automatic interception will be triggered and a threat chart will be automatically built.
I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint.
We do not have eicar on an allow list.
Event on the endpoint agent:
and in Central:
In the documentation I found that zip files containing virus…
I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) compilation and Sophos keeps flagging "C:\Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…
How can I add a new custom application to the exceptions?
This does not seem to help or it is not clear what will happen with the path that I add manually:
I was looking for something like this:
Need to add ROP exclusion for this not so…
Hi,
Hopefully a simple question. Today I am seeing an alert for a malware detection for a customer, but the alert is just saying "Requires Attention", rather than something like manual cleanup required. Does this just mean I need to have a look at what…
Hello, intercept-x caught this event, I didn't find any reference. Mal/EncPk-AAI, the detection was in a legitimate program, is this a false positive?
Thanks André Soares
I've whitelisted PSEXEC and I've disabled all the modules for Sophos Endpoint but PSEXEC is still being removed as it's recognised as a PUA. I've created a policy to whitelist this app on Central but nothing is applying.
Anyone know how to get around…
Hello everyone,
I have a problem with ESET Full Disk Encryption. In my organization clients have Sophos Intercept X Advanced endpoint, and when I start disk encryption with ESET there are alerts by Sophos HitmanPro that does not permit for encryption…
We have an internal approved application that we've been running for about a year. Sometime last month Sophos Central started blocking it as "CryptoGuard". We have it added in Allowed Applications as well as Global Exclusions. Per this post 3 years ago…
Made a copy of Threat Protection added 2 exclusions
C:\ProgramData\SolidCast\
C:\ ProgramData\SolidCast\FixedVolumeFillUtility.exe
Yet every now and then we get this:
Generic ML PUA detected at C:\ProgramData\SolidCast\FixedVolumeFillUtility…
Hi,
I keep receiving this notification on Sophos. So far, I'm running Exchange Server 2019 on VM Host.
The error mentioned this path on C drive: inetpub\wwwroot\aspnet_client\nzkqhfcsjpl.aspx .
The .aspx names are not consistent. I'm not receiving…
We got this alert a few days ago. Can somebody help me understand whether it is legit or not? Thank you in advance.
Endpoint Type: Computer
OS: Windows
Device: HoKahMunNB
Ransomware:
uid: 0bcd57bb-ee99-4a28-b0d0-ec76291e25f4 family_id: 8f45804d…
Hey there
New to Sophos, so before I go installing on a server running SQL (NOT Clustered), do I need to create any exclusion policies, or is Intercept X smart enough to do it on its own?
If there are policies I need to create, can someone guide me through…
We have a print driver that does PDF conversion of your document then uploads to our printshop. Every time someone on a Windows computer uses this driver it is opening an investigation. When I look at the investigation I can see that the print spooler…
Hi, guys
Does anybody have experience in recovering files that have been cleaned by Sophos Intercept X? Actually, I’m working on a POC right now and one of my client’s applications is suspected as a PUA; based on our Intercept X behaviour, the file will be recover…
How to restore a threat file that has been cleaned up?
(The self-developed program was considered a threat file, so it was cleaned up during the copying process.)
How can I restore the file?
Hi
I have the same issue as the users in this thread.
https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft
Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking…
There is one client that does nothing else than reporting WipeGuard preventions.
Even for Sophos Processes. What's the use of that feature and log?
Initial Detection: WIN-MITRE-Behavioral-TA0040-T1561.002
Real-time scanning is (or seems to be) causing major performance issues for our developers when they are creating a project using yarn to assemble the repositories, even if they have cached the files or have them in a local repository. Can the scans be…
We are rolling out Sophos on our servers.
One server holds the software repository with company software installers and a lot of tooling for us sysadmins.
As one can guess, Sophos detects several PUAs, like Nirsoft apps, TightVNC, a.s.o.
We and…
All,
I have a new and recent PUA outbreak for almost any .ZIP file on many systems on our network. These files have been on these drives for over two years. Many different files. Some are ZIP files of old software that has been archived for project…
I have a couple of computers where, when downloading, it will stay at 100%. It will not allow you to open the file and will not open "Show in folder". I can go to my downloads page and I can access it and run the download from there.
So after so much troubleshooting…
Why would someone want to add the directory %programfiles(x86)%\Sophos\Sophos Anti-Virus\ as an exclusion from scanning for threats in the Threat Protection Policy?