• Exclude Threat Detection "TA0005 - Defense Evasion"

    Colsam
    Our SAP server’s backup process, which uses certutil.exe, is detected as a defense evasion threat. In detail, the detection is Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

    Matteo Vinti
    Hello Everyone, I have tried to search about this in the forum but couldn't find anything. My scenario is: XGS2100 Xstream protection + Endpoints with advanced Threat protection. I keep receiving these two alerts but I have tried to see what to do…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos MCS services

    PK1
    Purpose of these 2 services Sophos MCS Client and Sophos MCS Agent, what do they do? Any KBA to detail the explanation or nature of each Sophos service on windows devices?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint-peripheral

    Ahmed Sani
    Hello, is it possible to set a time for blocking the USB port? As in block or leave it open for just a certain time period.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Disable Tamper Protection - Device Removed from Portal

    Susan Pieroni
    I have a device that at some point was deleted from the Sophos portal. I've tried reinstalling Sophos but am getting a message stating that tamper protection needs to be disabled. What steps can I take to get the device back on the portal? Thank you…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • About Threat Graphs

    Alparslan Bolat
    Hi there, What does what is found on the Threat Graphs mean? What should I do as a solution?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How to change Sophos Endpoint Agent language by command lin

    Tara Hsiao
    I have installed Sophos Endpoint Agent on Windows 10, how to change language from Japanese to English by command line instead of via GUI?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Cryptoguard detect ransomware in $programfiles\Sophos\Endpoint Defense\SEDService.exe

    LMSIIATO
    Hi to all, I'm confused about a cryptoguard detection, it seems they found ransomware on a component of sophos itself. id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="} family_id: a1e45bc2-168e-553c-f81a-5e712666d413 process_alias_path…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • 2023.1.3.5 BETA

    Brian Loska
    When installing core agent 2023.1.3.5, some devices show 2023.1.3.5 BETA and some show 2023.1.3.5 versions. Why are there two versions? When did the version change? Updating does not change it to 2023.1.3.5 BETA version to 2023.1.3.5.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Unable to Start Scan - Intercept X with EDR & XDR

    Joseph H
    Hello, I am unable to manually start a scan on the endpoint. Windows 11. I click scan, nothing happens. Any advice? Thank you, Joseph
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Failed to install component(s): hmpa64

    Jiming Zhou
    ####Sophos HitmanPro Alert Initial install log 20231115T013935 2023-11-15T01:39:40.6403111Z ERROR : SetupPluginCommand::onRun() failed with ComponentInstaller::InstallError: Failed to install component(s): hmpa64 2023-11-15T01:39:40.6403111Z INFO :…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • No Sophos security products installed

    Karsten Rauer1
    On the Windows Server 2012R2 Standard I installed "Intercept X Advanced for Server with XDR". Problem: Although everything looks good after the installation, the servers are not updated and also do not communicate with Central. …
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • High CPU Usage - SEDService.exe offline

    Mori Bir
    Hi, I have an annoying problem with the Sophos Endpoint Agent. When I am connected to the internet everything is fine. However, when I unplug the cable and am offline, the load on SEDService.exe goes way up. I have now noticed that under C:\ProgramData…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Manual PUA cleanup required: 'PsExec'

    Andrew Rouse
    Hey Everyone, Scratching my head over how to deal with this PUA as I can't find much information on it on the old Google box. The identified PUA is PsExec located within the ZIP WPJCleanUp, PsExec as well as WPJCleanUp are legitimate Windows resources…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • firefox error accessing the web with ssl inspection enable

    Shay Hanya
    Hi, I have SSL inspection in Intercept X Advanced with XDR. I have a problem surfing with Firefox. The message is: Software is Preventing Firefox From Safely Connecting to This Site mxtoolbox.com is most likely a safe site, but a secure connection…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Heartbeat 1.15.1122.0 Error: Standard exception: use_private_key: unsupported - no Heartbeat

    LHerzog
    Heartbeat is becoming my best friend. Yesterday I identified a Windows Server that had no heartbeat due to expired certificates. I reinstalled the agent and all was fine. Later the endpoint updated the heartbeat component from 1.15.835.0 to 1.15.1122…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Is it possible to exclude a process from data lake detections?

    Travis_Dadmin
    Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Since the 28th of October I've been getting a message stating a scan will start. I perform a scan and nothing is found but every day I get this message.

    Malcolm McFarlane
    Sophos Home, since the 28th of October I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but every day I get this message. The file mentioned in the history is, C…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Network threat Protection - Blocking PowerShell Login to MS Compliance search via the Localhost browser address

    jp_2006
    Open Powershell 7 Connect-IPPSSession -UserPrincipalName User@domain.com MS login processes starts by trying to open a browser window with a local host address and a random port. The connection is refused and the login process to MS stops localhost…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint Protection - Application Control

    Moritz Wiesenmaier1
    Hello everyone, I miss the functionality of the application control in the endpoint protection that is available with SFOS. Although there is an application control, it can “only” control which applications on the system are allowed or denied for running…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Tamper Protection Removal Tool

    Dereck Radford
    Hello, We had a previous IT company that we have dropped and they supposedly removed Sophos Endpoint Protection on 200+ devices but we found it on 145 ish devices. They won't give us access to the portal and they are stating there is nothing they…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Manual malware cleanup required: 'Unknown Threat' at 'null'

    Antonio Lizares
    Hello. On some Sophos endpoints the following error appears "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Outbreak Mal/HTMLGEN-A

    Admin Maurice van Boxtel
    We have several clients accessing this website. The message in Sophos: The root cause tried to access a URL known to be associated with malware. URL: rinozuid.anewspring.nl/jsonrpc Is this website actually a risk or is this a false…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos endpoint using high cpu when updating windows

    Tri Nguyen2
    Hi Sophos team. I have an issue with Sophos Endpoint. The computer is so lagged when updating Windows. Sophos Endpoint Defense software and Sophos File Scanner took over 50% CPU, do we have settings to bypass scanning updates from Windows? The endpoint…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos machine learning doesn't work?

    Andre Soares
    I'm doing a POC with Crowdstrike and on the test computer we received a file that was detected as ( RegistryPersistEdit ) by Crowdstrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions