Strange behaviour regarding printer search of Windows Server OS VMs behind Sophos UTM Firewall
Hello Community,
we use a Sophos UTM cluster consisting of two nodes running on Sophos UTM 9.718-5
This Cluster routes the traffic through specific vlans.
We have strange behavior with windows server vms that are operated in vlans behind the sophos…
Add support for BypassIO in Windows storage filter driver
Hello,
I hope i dont miss a thread already discussing this topic.
Starting with Windows 10 1909 we have the ability to use DirectStorage, besides hardware requirements the software also needs to be capable of this.
The storage filter driver of Sophos…
SMC Windows device automatic enrollment
Hello,
For the past week or so I've been playing around and understanding the functionality of SMC, and I wanted to know if there is a way to automatically enrol Windows devices upon joining the Domain, or running a startup script of some sort. Not…
[QueryCorner][June2023] Sophos Endpoint/Server - Auditing for Azure Code Signing Support
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
Microsoft announced a requirement for Azure Code Signing…
Windows shares over on-prem ZTNA
First time posting on ZTNA so bear with me.
Deployed ZTNA on-prem on vmWare and setup with Azure IDP. All resources are on-prem. Azure sync works fine and group access defined. Tested access to various resources and they all work fine, except no one…
Connecting VPN when computer starts up
Hello all,
We are running into a problem where users who are not familiar with using much computer software, and haven't used a VPN before. We are using Sophos Connect for our VPN. I would love to be able to make the VPN configuration connect as soon…
[QueryCorner][February2023] Data Lake - Device: Pending Windows/Mac Updates
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
If you have not traversed the XDR journals, please review…
PowerShell script to migrate Sophos endpoint protection from current Sophos Central to new Sophos Central
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This article describes how to create a PowerShell script…
[QueryCorner][January2023] Live Discover - Network: Processes with an open network connection
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
If you have not traversed the XDR journals, please review…
[QueryCorner][October2022] Audit Application Control
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
Sophos Endpoint and Server products all come equipped with…
[QueryCorner][October2022] Audit Peripheral Control
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
Sophos Endpoint and Server products all come equipped with…
Windows 7 and Server 2008R2 Extended Support Issue
We are experiencing an issue where none of the Windows 7 and Server 2008R2 clients are reporting back to the SEC 5.5.2 console. They do not show as 'up to date'. You can not assign a policy and cannot 'update now.'
This happened previously and Sophos…
Live Discover query to check installed Internet Explorer
Hello all,
I would be very interested if someone has a ready-made query to check an installed Internet Explorer on Windows clients/server?
C:\Program Files\Internet Explorer\iexplore.exe
Many thanks for your support!
[QueryCorner][October2022] Deep Diving into Windows Firewall
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
The Windows Firewall is a security component to help protect…
[QueryCorner][September2022] Live Discover - Program Execution Evidence
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
This query is taken directly from the Sophos Rapid Response…
[QueryCorner][September2022] Data Lake - IOC Hunting
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
The Great Karl_Ackerman put this query together to provide…
[QueryCorner][August2022] Live Response - Five Basics for Windows
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
This post is to highlight response actions that an operator…
Sophos Protection for Windows: Automate deployment using Ansible
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview This article provides a high-level overview of deploying…
[QueryCorner][July2022] Windows PCI Audit Report
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
This query is designed to give you information required…
[QueryCorner][June2022] Data Lake Device Card - Windows
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Purpose
This query is designed to give you a "Total Report" of…
Outbound SMB Traffic
I am trying to determine what process is generating outbound SMB traffic on a system. I can see the traffic in the firewall logs, but when I use the query below, nothing comes up. It doesn't matter which system I check, or whether I use port 137 or 445…
No Alert is triggered when a server's endpoint install stops checking in.
I have brought this up before and submitted a request on it... however I need to bring it up again.
It is a huge miss, that my server's install of the endpoint software was not checking in to SOPHOS Central for 2 months, and no alert was triggered.…
Query for MD5 hashes
Hello,
I would like suggestions regarding how to put together a query to find MD5 hashes.
There is a built-in query called Processes matching SHA-256 hashes in the last 30 days (below), but I would like to search for MD5 hashes not SHA-256, since…
Sophos endpoint update failed
I received an alert from Sophos for multiple customers that updates have failed and I was wondering if someone could help me with this. The alert is: Download of WindowsCloudNextGen failed from server http://dci.sophosupd.com
Here is a screenshot of…
Troj/JenxLnk-B
Hi guys ,
I recently inserted a usb stick in my computer and Sophos immidiately recognized it as a virus and it said it cleaned it , my paranoia got to me and I did a full scan and it said my PC was clean , but later on the internet I was going through…