  • mass-release from quarantine

    FFin
    Hi all, I've got a false-positive outbreak detected on one fileserver. There're around 100 items in Quarantine - alerts spread over 6 pages in Events-Section in Central. I went through that list multiple times but was able to release 95 elements from…
    • 2 months ago
    • Sophos Central
    • Discussions
  • Editing exclusions leads to deletion - is this a known bug?

    Björn Vermöhlen
    Hi! I just found a bug in the Sophos Central dashboard and could not find it in the known issues list. Here's how to replicate the issue: 1. Create an exclusion of the type "Exploit mitigation", choose an application and deactivate at least one of…
    • Answered
    • 3 months ago
    • Sophos Central
    • Discussions
  • Sudden Increase in False Positives from Sophos Central — Need Immediate Assistance

    Anas Rez
    Recently, I've noticed a troubling increase in false positives from Sophos Central that are impacting our workflow significantly. Legitimate files and applications are being flagged as threats, causing unnecessary disruptions and delays. This issue seems…
    • 3 months ago
    • Sophos Central
    • Discussions
  • Protect network traffic blocks EWS service URL from within a program

    Jonas Havemann TimberTec GmbH
    Hello, we have a problem with the feature “Protect network traffic”. We are using a terminal server, on which employees work with a program that uses EWS to send mails. We now have the problem that Sophos blocks the automatic login process via the…
    • 5 months ago
    • Sophos Central
    • Discussions
  • Safe Browsing has detected that the Microsoft Edge browser has been manipulated

    msw_fisit
    We have a terminal server running Sophos Intercept X Essentials. This now also reported a detected manipulation of the browser and provided corresponding information. How do you deal with this? Do you always report these reports to the Sophos team or…
    • 9 months ago
    • Sophos Central
    • Discussions
  • Sophos Central Policy Deep Scan logs

    Ali A
    I created a Threat Protection Policy and enabled Deep scan and Scheduled it for only one file server. Today, I'm trying to find the log of the scan and see if it deleted or quarantined anything. Where can I find this?
    • 10 months ago
    • Sophos Central
    • Discussions
  • IPS FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt

    Louis Havenga
    Good day members. I trust you are well. Our IPS report on Sophos Central shows the following IPS report. I have traced the IP back to Microsoft data center. I would like to know is this a false positive as I have scanned the computers multiple times…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Block or log if user run any vba macro in office

    Onur Akcay
    Hello, Is it possible to log or block if user tries to run any vba macro in office applications? Regards.
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Can't adding application

    Adam Guan
    Hi, I want to add an application on device SJ32ACC but it told me error adding application, and I allow by SHA256 & key application used by most organisations, could you help me to fix this issue, thx?
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Can PSTools be excluded for a single machine (for Sophos admin)?

    PaulC-SA
    Just as the subject asks: Can PSTools be excluded for a single machine (for Sophos admin)? if so, how can I create that exclusion so that it's not alerting every time I try to download and install it? I don't want to create a global exclusion because…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Real-Time Scan Exclusion Variable\WildCard Confirmation

    Yogi_Bear_79
    I want to exclude the following (example) from real-time scanning: This directory ( 26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1 These files…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Exploit mitigation or ransomware wildcards and variables and using the "$" variable

    Slappy
    Anybody else tried using the "$" variable to exclude a filename and not work?? Looking at the article: Exploit mitigation or ransomware wildcards and variables - Sophos Central Admin It says this: Variable Example $ All available drives. For…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Enterprise Application Issue - Linked to recent maintenance ??

    SimonGoode
    We use a SaaS based ticketing system, this is an enterprise application with SSO login and we use this process for many other SaaS based applications. We've an issue today whereby users are unable to login to this SaaS ticketing system resulting in a…
    • Answered
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Has anyone seen a false flag for "WIN-CAC-NET-CONNECTION-NO-CMDLINE-1.star"

    bkatw0rk
    I'm running into an issue where Sophos flags dllhost.exe as suspicious because it runs with no command line arguments. That IS suspicious, my issue is that when I dug into it, that particular process ID it flags on my end does have a command line argument…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • why do you disallow a comment for exploit mitigation exclusions?

    LHerzog
    Hi, in our VoIP Client there is a ROP Detection. After searching, this is by Exploit detection engine. No I can set exclusions for a lot of things and I in all I checked, it is possible to make a comment like here: but for exploit mitigation…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Sophos Endpoint Agent XDR & Siemens WinCC V7.x

    Thomas_LSW
    Hi community, Sophos Central has not been approved by Siemens WinCC V7.x ! I am forced to install Sophos Endpoint Agent on such Servers anyway. What are the recommended global exclusions from Sophos for such Servers, and above all which exclusion…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Onenote false positives in Google Drive File Stream files stored locally on machines being detected

    Marvin Mathieu
    I have been having an issue with Onenote files being detected as false positives and to prevent half of the detections from happening, I excluded all onenote files with the file extensions *.onepkg and *.one.backupconsctruction globally regardless of…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Does Sophos can block Rorschach ransomware?

    TimChen
    Does Sophos can block Rorschach ransomware? www.trendmicro.com/.../an-analysis-of-the-bablock-ransomware.html
    • over 1 year ago
    • Sophos Central
    • Discussions
  • How can I exclude a false positive for onepkg files if the Hash and Path is different for each user?

    Marvin Mathieu
    Apr 17, 2023 8:19 PM Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg' How can I effectively exclude onepkg false positives across my organization when the path and hash…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • How to detect Microsoft Office documents spawning processes?

    Bill Elkin
    How to detect Microsoft Office documents spawning processes? Such as: PowerShell CMD WMI MSHTA Etc.
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Using LogMeIn Rescue Generates an Investigation

    Matt Schmitt
    I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR has started generating an Investigation after each use. Has anyone else seen this or have any insight? Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009 Risk 6 Category:…
    • Answered
    • over 2 years ago
    • Sophos Central
    • Discussions
  • Sophos Central - False positive - Connectwise Screenconnect - a Thoma Bravo Company - Same as Sophos

    Dennis Jones
    Good morning (NZ Time). We are an IT support business. We use Connectwise's Screenconnect product to remotely support all of our clients, and have done for 6 years. From yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Adaptive Active Adversary Protection

    Laureen Hart
    From this morning's New Innovations email: "Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Allow access to uncategorised Wi-Fi network splash screen logons

    David Rowan
    We have an issue where if our users want to use a Hotel, Conference Centre, or Airport Lounge’s Wi-Fi they can’t because the Wi-Fi network’s internal logon splash screen is blocked as ‘Uncategorised’ by SOPHOS Central Web Protection and we don’t allow…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Allow Applications

    ab awal
    I want to allow an application which is detected with Sophos Central, but in the event details tab it is not showing the allow applications option. Even though when I allow the detected path from global settings allow applications then the application is not…
    • over 1 year ago
    • Sophos Central
    • Discussions