• Sync Policy on a Linux Machine

    NotAnAdmin
    Hello all, I am trying to enforce a Peripheral Control : Device policy on a Linux Machine, so that when I plug in a USB, it allows the user to read it, but not write on it. I created the policy under Server Protection, but it is still allowing me to…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Prevent Users Installing Applications

    Onur Akcay
    Hello, In my domain, standard domain users are not able to install a program. But there are some programs that don't require admin rights to be installed. I was wondering if I can block them with Sophos. I have tried application block but for that…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Real-Time Scan Exclusion Variable\WildCard Confirmation

    Yogi_Bear_79
    I want to exclude the following (example) from real-time scanning: This directory ( 26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1 These files…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • How do I monitor if someone is trying to break the Sophos tamper?

    blueskies
    Scenario - Attacker has made it into a system and now wants to kill/stop the AV but is tamper locked. From a SIEM perspective, to monitor such events, what logs can be shipped from the Event Viewer or from Sophos log directories?
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Application Control - Blocking all Wscripts but allowing one

    zulra
    Hi All, We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way. However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Endpoint Isolated how to un-isolate or open Anydesk for RDP connection.

    Werner Smit
    Good Day, We've had some instances where either Sophos protection service or Network protection service might not start up. This causes the computer to become Isolated but we cannot un-Isolate unless we restart or use Admin rights to start the service…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Does the Server Protection (EAP) provide a security heartbeat to Sophos Central?

    alan weir
    I am testing the Endpoint Protection and Server Protection EAP. I have downloaded the server protection and deployed it on my home DNS server which is running on Ubuntu. It has installed successfully and is registered in Sophos Central in the Server…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Exploit mitigation or ransomware wildcards and variables and using the "$" variable

    Slappy
    Anybody else tried using the "$" variable to exclude a filename and not work?? Looking at the article: Exploit mitigation or ransomware wildcards and variables - Sophos Central Admin It says this: Variable Example $ All available drives. For…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Uninstall agent without tamper protection

    Amoruso Roberto
    Hello, I need to uninstall the agent but I can't disable tamper because I don't see the client in my control center (I don't know the reason!). How to do this? I read many posts but I can't modify the Sophos MCS Agent registry key (access denied, I tried to change permission…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Central Encryption removal best practices

    Anishkumar C
    Dear Team, Kindly share the best practices to remove Sophos encryption before expired.
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • 【server protection】Intranet servers are not allowed to access the Internet, how sophos central delivers policies and soft version updates?

    Hongbo Xia
    Hi team, Our customer's intranet has dozens of Windows servers. According to the requirements of the security department, the intranet servers are not allowed to access the Internet. So, I would like to know how sophos central delivers policies and…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Enterprise Application Issue - Linked to recent maintenance ??

    SimonGoode
    We use a SaaS based ticketing system, this is an enterprise application with SSO login and we use this process for many other SaaS based applications. We've an issue today whereby users are unable to login to this SaaS ticketing system resulting in a…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Missing ACS Message

    Carlos Javier Gomez Ortiz
    Good day, This is the contact e-mail I have for requesting your advice on the alerts we have in the console. My name is Carlos Gomez from the company Abastecedora Lumen S.A. de C.V. with the license: L0006361860 Attached…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Device Encryption - difference between "Not encrypted" and "Unmanaged"?

    LHerzog
    I wonder what the Status in the Encryption dashboard means: under which circumstances is it showing "Not encrypted" and not encrypted & "Unmanaged"? On the screenshot all have the encryption module installed, except one computer. The filter is …
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Endpoint Protection Policies didn't work

    Fabian Schäfer
    Hello, unfortunately we have a little problem with the endpoints policy. So far we had blocked powershell for all users and groups via the base policy. But since we need powershell for certain scripts this way can't work for us. We tried to block…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Has anyone seen a false flag for "WIN-CAC-NET-CONNECTION-NO-CMDLINE-1.star"

    bkatw0rk
    I'm running into an issue where sophos flags dllhost.exe as suspicious because it runs with no command line arguments. That IS suspicious, my issue is that when I dug into it, that particular process ID it flags on my end does have a command line argument…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • why do you disallow a comment for exploit mitigation exclusions?

    LHerzog
    Hi, in our VoIP Client there is a ROP Detection. After searching, this is by Exploit detection engine. Now I can set exclusions for a lot of things and in all I checked, it is possible to make a comment like here: but for exploit mitigation…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Central Peripheral Control - Purge Events?

    Chris Dalton
    Hi, I have Central managing over 8800 active endpoints, we use Peripheral control. There are close to 24000 peripherals listed in our organisation, 2180 of which are currently allowed. I have historic data going back 4 years. To find new events…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Enterprise Console

    Handian Sudianto
    Hello, Currently I will migrate our Sophos Enterprise Console (SEC) to the Sophos cloud. Does anyone here know how to check the license used by SEC?
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Failed to install SED64,AMSI64: 80041f00,80041f00

    IT Support36
    After updating Windows to the latest version, which is 22H2, this error appears on certain devices in Sophos Central. The error: - "Failed to install SED64,AMSI64: 80041f00,80041f00"
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Looking at getting onboard

    Shawn Barnard
    Hi everyone, We are looking at getting Sophos Intercept X Advanced. Can anyone confirm if Sophos CIXA can do all the following? Monitoring of Windows clients and Instant alert if a client is compromised with a virus/malware/application vulnerability…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Endpoint Agent XDR & Siemens WinCC V7.x

    Thomas_LSW
    Hi community, Sophos Central has not been approved by Siemens WinCC V7.x ! I am forced to install Sophos Endpoint Agent on such Servers anyway. What are the recommended global exclusions from Sophos for such Servers, and above all which exclusion…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos central Web filtering

    Richard Hamblin
    Hi everyone, I'm starting to find a few limitations in the Sophos central endpoint web filtering. Is there any way to find out if a url is in a particular web category when using sophos central? Also could sophos central report on all web browsing…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Time to get disabling tamper protection to work

    Jo Vanattenhoven
    Hi everyone, If we disable the tamper protection on the device itself, how long does it take before it is actually disabled? After disabling it, we still cannot uninstall the Sophos Endpoint. Jo
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Central Public Update Cache using FQDN

    Ahmad Almla Rashed
    Hi, I have many endpoints that can't update from Sophos cloud (restricted network). I have installed update cache on one of my servers; its internal IP is, let's say, 10.X.X.X and the hostname is myserver.internal.local and this server also has a public static…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions