Hello, We have a Sophos Central account with about 150 computers and 25 servers. XDR is used. The licences have currently been active for about 8 days, but no detections have been displayed so far. Could it be that nothing has been detected so far and…
As residents of Saudi Arabia, SAMA provides us with YARA rules for threat detection.
How can we effectively create and implement our own query within Sophos Central to scan for these YARA rules?
What are the best practices and challenges associated…
Hello there,
I am trying to block TLDs in Sophos Central using Website Management—Add Website Customisation, and instead of putting many domains with a malicious top domain, I would like to be able to block this particular domain.
What should I…
Hello,
We work with a Sophos Central Web Policy; in general, the download of .exe files is not allowed. Is it possible to exclude certain files/programs from this policy so that they can be downloaded?
Thank You!
As the title states, this is somewhat concerning this hasn't been rolled out yet but there doesn't appear to be any sub category for AI/GPT usage in web control policy. AI usage is becoming increasingly prevalent for businesses, while also becoming increasingly…
Hello everyone,
I have a question about the creation of threat exceptions. Suppose I have the following message in the centre.
How can I set an exception there so that it can be ignored? Can anyone give me a tip?
Thank you very much!
Hello there,
I'd want to ask the Sophos community if I can block uncategorized websites in Sophos Central? Many of our users appear to browse uncategorized websites, which I am unsure how to prevent.
Kind regards,
Damian
Hi,
Our client is having endpoint and server with XDR. Please let us know if there is a query or report available for User password failed attempt on Windows, Mac and Linux systems.
Also is there an option for sending an alert for this to central…
https://intelix.sophos.com/report/0193e2da226c4e748d1eea2314d5219f/static/url
Hello, I am migrating and cleaning up our website Spectrum for Living and have run it through all the tests possible and believe that due to previous poor hosting, it is…
Hi
Intercept X with XDR. I cannot find in the Endpoint management portal where to allow one (or more) sites currently blocked because they are listed in the "Proxies and Translators" category.
Any assistance appreciated.
Hello,
I wanted to see if anyone else is having issues with restricting USBs in macOS Sonoma. I am currently on Version 10.5.1 for Sophos and on macOS Sonoma 14.1.1.
Currently, I have the Peripheral Control set to Read Only for Secure removable storage…
Hi everyone,
I was wondering if there is a way to block all the VPNs using Sophos Central?
I have the web filtering based entirely on Sophos Central, and it seems okay so far.
One of our customers wants all the VPNs blocked on the endpoints something…
Ave collegae!
Is there a way to
- see / check per device (/user) - what peripheral(s) had been blocked - allow one or more of the blocked device(s)
the customer prefers GUI
Salvete
hRy
Hello,
To give context, our leadership and information security team are concerned with alerts that are coming from Sophos. Their concerns are valid considering the email titles are: Alert for Sophos Central [*****]: A device is not encrypted.
However…
Hello,
I want to block accounts.google.com - docs.google.com etc.
I successfully blocked Google Docs but when I try to block Google accounts, I can still reach that webpage somehow.
I'm trying from website management.
What should I do?
Regard…
Dear all,
There are a large number of fake "whatsapp web" pages at the top of Google search currently.
I saw that the IP range is: 104.21.x.x or the URL is https://uaa.xxxxxxxx / https://wh9.xxxxxxxx
Is there a more effective way to block the IP range…
Hello,
In my domain, standard domain users are not able to install a program. But there are some programs that don't require admin rights to be installed. I was wondering if I can block them with Sophos. I have tried application block but for that…
Scenario - Attacker has made it into a system and now wants to kill/stop the AV but is tamper locked.
From a SIEM perspective, to monitor such events,
what logs can be shipped from the Event Viewer or from Sophos log directories?
Hi All,
We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way.
However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application…
Hello
I need to uninstall the agent but I can't disable tamper because I don't see the client on my control center (I don't know the reason!)
How to do?
I read many posts but I can't modify Sophos MCS Agent registry key (access denied, I tried to change permission…
I wonder what the Status in the Encryption dashboard means:
under which circumstances is it showing "Not encrypted" and not encrypted & "Unmanaged"?
On the screenshot all have the encryption module installed, except one computer.
The filter is …
Hello,
unfortunately we have a little problem with the endpoints policy. So far we had blocked PowerShell for all users and groups via the base policy. But since we need PowerShell for certain scripts this way can't work for us.
We tried to block…
Hi,
I have Central managing over 8800 active endpoints, we use Peripheral control.
There are close to 24000 peripherals listed in our organisation, 2180 of which are currently allowed. I have historic data going back 4 years.
To find new events…