Good day members. I trust you are well. Our IPS report on Sophos Central shows the following IPS report. I have traced the IP back to a Microsoft data center.
I would like to know if this is a false positive, as I have scanned the computers multiple times…
Hello,
I wanted to see if anyone else is having issues with restricting USBs in macOS Sonoma. I am currently on Version 10.5.1 for Sophos and on macOS Sonoma 14.1.1.
Currently, I have the Peripheral Control set to Read Only for Secure removable storage…
Hi everyone,
I was wondering if there is a way to block all the VPNs using Sophos Central?
I have the web filtering based entirely on Sophos Central, and it seems okay so far.
One of our customers wants all the VPNs blocked on the endpoints something…
Ave collegae!
Is there a way to
- see / check per device (/user)
- what peripheral(s) had been blocked
- allow one or more of the blocked device(s)
the customer prefers GUI
Salvete
hRy
Hi
I want to add an application on device SJ32ACC but it told me "error adding application", and I allow by SHA256 & key application used by most organisations. Could you help me to fix this issue, thx?
Hello,
To give context, our leadership and information security team are concerned with alerts that are coming from Sophos. Their concerns are valid considering the email titles are: Alert for Sophos Central [*****]: A device is not encrypted.
However…
Just as the subject asks: Can PSTools be excluded for a single machine (for Sophos admin)? If so, how can I create that exclusion so that it's not alerting every time I try to download and install it? I don't want to create a global exclusion because…
Hello,
I want to block accounts.google.com - docs.google.com etc.
I successfully blocked Google Docs, but when I try to block Google accounts, I can still reach that webpage somehow.
I'm trying from website management.
What should I do?
Regard…
Hi,
We have our default "Base Policy - Update Management" policy, which is applied to most of our endpoints, set to "Recommended" software package versions.
We would like to change this to latest FTS and leave the latest "Recommended" package setting…
Dear all,
There are a large number of fake "whatsapp web" pages at the top of Google search currently.
I saw that the IP range is: 104.21.x.x or the URL is https://uaa.xxxxxxxx / https://wh9.xxxxxxxx
Is there a more effective way to block the IP range…
Hello,
In my domain, standard domain users are not able to install a program. But there are some programs that don't require admin rights to be installed. I was wondering if I can block them with Sophos. I have tried application block but for that…
I want to exclude the following (example) from real-time scanning:
This directory (26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory
c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1
These files…
Scenario - Attacker has made it into a system and now wants to kill/stop the AV, but it is tamper locked.
From a SIEM perspective, to monitor such events,
what logs can be shipped from the Event Viewer or from Sophos log directories?
Hi All,
We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way.
However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application…
Good day, we've had some instances where either Sophos protection service or Network protection service might not start up. This causes the computer to become Isolated, but we cannot un-Isolate unless we restart or use Admin rights to start the service…
Anybody else tried using the "$" variable to exclude a filename and not work??
Looking at the article: Exploit mitigation or ransomware wildcards and variables - Sophos Central Admin
It says this:
Variable Example $
All available drives.
For…
Hello
I need to uninstall the agent but I can't disable tamper because I don't see the client on my control center (I don't know the reason!)
How to do?
I read many posts but I can't modify the Sophos MCS Agent registry key (access denied, I tried to change permission…
We use a SaaS-based ticketing system; this is an enterprise application with SSO login and we use this process for many other SaaS-based applications. We have an issue today whereby users are unable to log in to this SaaS ticketing system resulting in a…
Good day, all,
This is the contact email I have for requesting your advice on the alerts we have in the console. My name is Carlos Gomez from the company Abastecedora Lumen S.A. de C.V., with the license: L0006361860
Attached…
I wonder what the Status in the Encryption dashboard means:
Under which circumstances is it showing "Not encrypted" and not encrypted & "Unmanaged"?
On the screenshot all have the encryption module installed, except one computer.
The filter is …
Hello,
Unfortunately we have a little problem with the endpoints policy. So far we had blocked PowerShell for all users and groups via the base policy. But since we need PowerShell for certain scripts, this way can't work for us.
We tried to block…
I'm running into an issue where Sophos flags dllhost.exe as suspicious because it runs with no command line arguments. That IS suspicious; my issue is that when I dug into it, that particular process ID it flags on my end does have a command line argument…