• Is it possible to exclude a process from data lake detections?

    Travis_Dadmin
    Travis_Dadmin
    Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Since the 28th of october I've been getting a message stating a scan will start. I perform a scan and nothing is found but everyday i get this message.

    Malcolm McFarlane
    Malcolm McFarlane
    Sophos home, Since the 28th of october I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but everyday i get this message. The file mentioned in the history is, C…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Network threat Protection - Blocking PowerShell Login to MS Compliance search via the Localhost browser address

    jp_2006
    jp_2006
    Open Powershell 7 Connect-IPPSSession -UserPrincipalName User@domain.com MS login processes starts by trying to open a browser window with a local host address and a random port. The connection is refused and the login process to MS stops localhost…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint Protection - Application Control

    Moritz Wiesenmaier1
    Moritz Wiesenmaier1
    Hello everyone, I miss the functionality of the application control in the endpoint protection that is available with SFOS. Although there is an application control, it can “only” control which application on the system are allowed or denied for running…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Tamper Protection Removal Tool

    Dereck Radford
    Dereck Radford
    Hello, We had a previous IT company that we have dropped and they supposedly removed Sophos Endpoint Protection on 200+ devices but we found it on 145 ish devices. They won't give us access to the portal and they are stating there is nothing they…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Manual malware cleanup required: 'Unknown Threat' at 'null'

    Antonio Lizares
    Antonio Lizares
    Hello. On some sophos endpoints the following error appears "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Outbreak Mal/HTMLGEN-A

    Admin Maurice van Boxtel
    Admin Maurice van Boxtel
    We have several clients accessing this website. The message in Sophos: The root cause tried to access a URL known to be associated with malware. URL: rinozuid.anewspring.nl/jsonrpc Is this website actually a risk or is this a false…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos endpoint using high cpu when updating windows

    Tri Nguyen2
    Tri Nguyen2
    Hi sophos team. I have an issue with sophos endpoint. The computer is so lagged when updating windows. Sophos endpoint defense software and sophos file scanner took over 50% cpu, do we have settings to bypass scanning update from window. The endpoint…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos machine learning doesn't work?

    Andre Soares
    Andre Soares
    I'm doing a POC with Crowdstrike and on the test computer we received a file that was detected as ( RegistryPersistEdit ) by Crowdstrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Failed to install component NTP64: 8000ffff

    Matthias Primetzhofer
    Matthias Primetzhofer
    Sophos NTP64 installation fails on Server 2019 Standard, see error log below: 2023-10-16T12:13:04.0582833Z INFO : Running C:\\Users\\FBS_AD~1\\AppData\\Local\\Temp\\SophosSetup-1000217844\\Setup.exe 2023-10-16T12:13:04.0582833Z INFO : Stage 1 command…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Endpoint webcontrol category lookup

    Sam Mroe
    Sam Mroe
    Hello there, Is there any tool to lookup URLs and find their classified categories for use with Central Endpoint WebControl? The categories don't match up with SFOS categories and the explanation of the categories, while verbose doesn't provide…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Device Isolation

    Tony Vega
    Tony Vega
    Earlier today we tested out device Admin Isolation since we have never used it. Isolated just fine, but now cannot remove as the Isolation "status" has shown "Isolating..." for the last 5 hours. Health is Green and does not and never did show up in Admin…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How long does Sophos Central try to isolate offline computers?

    Jens Westermann
    Jens Westermann
    Hi, using Intercept Advanced X, from time to time we want to isolate computers which aren't online at the moment. How long waits Sophos Central for the computer to be online again? At some point, it just gives up, want to know when I have to recheck…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • [DE,EN] Über RDP redirectetes Laufwerk exclude, RDP redirected drive exclude

    Colin Frehner
    Colin Frehner
    [DE] Hallo zusammen Heute schilderte mir ein Kunde das Problem, dass beim Versuch, eine CD in seiner Remotedesktop Session mittels Windows (drag and drop) zu brennen der Vorgang abbricht und die CD somit unbrauchbar macht bis man sie neu formatiert…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • AMSI/Reflect-KA Detection

    Jones Malhotra
    Jones Malhotra
    Hello everyone, We get the following alert What happened: We could not clean up a threat. Where it happened: computer name Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe What was detected: AMSI/Reflect-KA How severe it…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Display Installed Programs on Computers

    Onur Akcay
    Onur Akcay
    Hello, I want to display installed programs on my users' computers. I wonder if i can do that with Sophos. Thanks,
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • MTR Update failure v2.4.0.59

    LHerzog
    LHerzog
    happens today: C:\ProgramData\Sophos\AutoUpdate\Logs\SophosUpdate.log 2023-09-27T07:14:15.702Z [ 9848:13456] I Installing component MTR64 (MTR64) 2.4.0.59 2023-09-27T07:14:15.889Z [ 9848:13456] I setupDll='C:\ProgramData\Sophos\AutoUpdate\Cache\decoded…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Blocked mtp/ptp device printer while installing

    Thomas Meier2
    Thomas Meier2
    Hi there, I do have a policy Block-USB devices with many exceptions. Suddenly I got the message the device is blocked when installing a printer even when the printer ( MTP/PTP ) is on the exception list by model-id. Model-ID: UMB\VEN_03F0&DEV_HP_PageWide_MFP_P57750&SUBSYS_J9V82B…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Web control lists specific endpoint as top malware downloader but no events can be found on the endpoint itself

    BostjanR
    BostjanR
    Hi, we can see an endpoint and user as "huge" malware downloader in "Top Malware Downladers" report: https://central.sophos.com/manage/endpoint/reports/web-control/malware/create But I can't find a single event or alert or anything linked to specific…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How much a DLP will support on Central Intercept X Advanced

    Hemanth Kurungat
    Hemanth Kurungat
    We had a CIXA Demo session with a customer, They have raised the below queries, 1. All public email services (Yahoo, Gmail etc) have to block login-in and allow only the business email/Outlook. Instead of blocking individual, they need a category…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos clean stopped

    Jose Gonzales Ramos
    Jose Gonzales Ramos
    we have this problem, we already reinstall agent, reboot, there is no other security solution
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Firewall reported computer not sending heartbeat signals

    Jonas Stadler
    Jonas Stadler
    Hello everyone, a few weeks ago, we finally activated heartbeat-restrictions on our XG 230 ( SFOS 19.5.1 MR-1-Build278) . After that, we got a lot of "missing heartbeat" alerts, which I could reduce by changing the report delay of the firewall to central…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Update Cache / Relay Server

    BilalAmjad
    BilalAmjad
    I have Few Servers in Azure cloud. I installed update cache and message relay in one server that is always connected to internet but other 30 servers I wanted to assign to that server. I tried to assign manually point that servers where update cache and…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Controlled/blocked applications are showing up in the list of Allowed Applications - Sophos Central.

    alan weir
    alan weir
    I am testing the Sophos endpoint protection EAP, and have synchronized application control enabled. I am having an issue, where all the controlled application that are set to blocked are showing up as allowed, even applications I do not use, such as remote…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Digital Certificate on Browser

    Anderson Feitoza
    Anderson Feitoza
    Hi everyone, i 'm having trouble using the certificates we have installed in browsers to authenticate to some web services. The endpoint is blocking usage, making usage impossible. Has anyone gone through something similar?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>