We use a SaaS-based ticketing system; this is an enterprise application with SSO login and we use this process for many other SaaS-based applications. We've an issue today whereby users are unable to log in to this SaaS ticketing system resulting in a…
Good day,
This is the contact email I have for requesting your advice on the alerts we have in the console. My name is Carlos Gomez from the company Abastecedora Lumen S.A. de C.V. with the license: L0006361860
I am attaching…
I wonder what the Status in the Encryption dashboard means:
under which circumstances is it showing "Not encrypted" and not encrypted & "Unmanaged"?
On the screenshot all have the encryption module installed, except one computer.
The filter is …
Hello,
unfortunately we have a little problem with the endpoints policy. So far we had blocked PowerShell for all users and groups via the base policy. But since we need PowerShell for certain scripts, this way can't work for us.
We tried to block…
I'm running into an issue where Sophos flags dllhost.exe as suspicious because it runs with no command line arguments. That IS suspicious; my issue is that when I dug into it, that particular process ID it flags on my end does have a command line argument…
Hi,
in our VoIP Client there is a ROP Detection. After searching, this is by Exploit detection engine.
Now I can set exclusions for a lot of things, and in all I checked, it is possible to make a comment like here:
but for exploit mitigation…
Hi,
I have Central managing over 8800 active endpoints, we use Peripheral control.
There are close to 24000 peripherals listed in our organisation, 2180 of which are currently allowed. I have historic data going back 4 years.
To find new events…
Hi everyone,
I'm starting to find a few limitations in the Sophos Central endpoint web filtering.
Is there any way to find out if a URL is in a particular web category when using Sophos Central?
Also could Sophos Central report on all web browsing…
After updating Windows to the latest version, which is 22H2, this error appears on certain devices in Sophos Central.
The error: -
"Failed to install SED64,AMSI64: 80041f00,80041f00"
Hi everyone,
If we disable the tamper protection on the device itself, how long does it take before it is actually disabled? After disabling it, we still cannot uninstall the Sophos Endpoint.
Jo
Hi all,
Our customer deployed Sophos Central (Local) many years ago to manage terminal security, and now they want to use the cloud Sophos Central Intercept X, XDR, etc. Can I migrate the local center (Sophos admin console) to Sophos Central (Cloud)…
I have been having an issue with OneNote files being detected as false positives and to prevent half of the detections from happening, I excluded all OneNote files with the file extensions *.onepkg and *.one.backupconsctruction globally regardless of…
Hi,
Endpoint is blocking Web WhatsApp on a single user although all users seem to be running it fine and I have added an exception of web.whatsApp in chats categories and called it in Policies settings. Web WhatsApp page loads correctly but after…
Hi
I have many computers protected by Sophos.
Today, I'm trying to install the agent but, after 15 minutes, I receive this error message:
In my Sophos Central console, I see the new computer but it is not protected and in the events I have these errors…
Hi all,
I'm looking for a paradigm of using Policies and device groups. Could you please tell me what would be the right way of using policy to address the following issues.
Here is the problem: We are in the process of introducing Sophos MDR in our company and…
Apr 17, 2023 8:19 PM
Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg'
How can I effectively exclude onepkg false positives across my organization when the path and hash…
Hi, I want to join a script.py to my Sophos Central in Device Encryption; it will automatically detect the type of my office document (Public, secret and confidential) and make the encryption with it.
Sophos Central was uninstalled completely from a device yesterday. Today, Sophos Central indicates the status of the device as follows:
Isn't this a little misleading? The only thing accurate about the reported status is that it has been offline…
Scenario: Machines which have been deleted from Central longer than 90 days, tamper protection password no longer available.
User in remote location, no admin account access for normal user. Users not IT Literate. No safe mode or recovery mode available…
I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR started generating an Investigation after each use. Has anyone else seen this or have any insight?
Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009
Risk 6
Category:…
Hi,
If anyone can help here with my query. We have some staff getting random "File Transfer blocked" notifications while they are using their computers. These files were transferred a long time ago but this window keeps popping up from time to…
We are using Sophos Central and use basic Endpoint Protection, InterceptX Advanced and Encryption - Windows 10 Education 21H2 clients.
Desktops get Endpoint protection + InterceptX
Laptops get Endpoint protection, InterceptX and Encryption.
…
Starting on Jan 17th, 2023, we started receiving alerts from Sophos Central randomly for various VDI desktops. Originally, my thought was the version of Sophos running on the VDIs needed to be updated, but that didn't resolve the issue. Essentially, if…