Hi all, Our customer deployed Sophos Central (Local) many years ago to manage terminal security, and now they want to use the cloud Sophos Central intercept x, xdr, etc. Can I migrate the local center（sophos admin console） to Sophos Central (Cloud)…

I have been having an issue with Onenote files being detected as false positives and to prevent half of the detections from happening, I excluded all onenote files with the file extensions *.onepkg and *.one.backupconsctruction globally regardless of…

Hi, Endpoint is blocking Web. WhatsApp on a single user although all users seem to be running it fine and I have added an exception of web.whatsApp in chats categories and called it in Policies settings. Web WhatsApp page loads correctly but after…

Hi I have many computer protected by sophos. Today, i'm trying to install the agent but, after 15 minutes i receive this error message: In my Sophos central console, i see new compuer but it is not protected and in the events i have these errors…

Does Sophos can block Rorschach ransomware? www.trendmicro.com/.../an-analysis-of-the-bablock-ransomware.html

Hi all, I'm looking for a paradigm of using Policies and device groups. Could you please tell me what would be the right way of using policy to address next issues. Here is the problem: We are in process of introducing Sophos MDR in our company and…

Apr 17, 2023 8:19 PM Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg' How can I effectively exclude onepkg false positives across my organization when the path and hash…

Translator Hi, i want to join a script.py to my Sophos Central in Device Encrytion , it will automatically detect a type of my office document (Public, secret and confidential) and make the encryption with it.

Hello Sophos community, I have recently migrated some of my business applications to Amazon Web Services (AWS) instances and I am looking to deploy Sophos Server Protection to these instances. However, I have a large number of instances and manually…

Sophos Central was uninstalled completely from a device yesterday. Today, Sophos Central indicates the status of the device as follows: Isn't this a little misleading? The only thing accurate about the reported status is that it has been offline…

Hi, We want to deploy the Sophos Central Client on 30000 computers in a managed way and with as less as network wandwith as possible. So we want to deliver the Windows full client package to our computers as a first stage with our Enterpirise deployemt…

How to detect Microsoft Office documents spawning processes? Such as: PowerShell CMD WMI MSHTA Etc.

Scenario: Machines which have been deleted from Central longer than 90 days, tamper protection password no longer available. User in remote location, no admin account acces for normal user. Users not IT Literate. No safe mode or recovery mode available…

hello team, does anyone know the linux commands for the sophos agent? -to scan. -clean PUAs. -check the status connect. and how to add a proxy.

I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR has started generating an Investigation after each use. Has anyone else seen this of have any insignt? Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009 Risk 6 Category:…

Hi, If anyone can help here with my query. We have some staff getting random "File Transfer blocked" notifications while they are using their computers. These files have been transferred long time ago but this windows keeps popping up from time to…

Starting on Jan 17th, 2023, we started receiving alerts from Sophos Central randomly for various VDI desktops. Originally, my thought was the version of Sophos running on the VDIs needed to be updated, but that didn't resolve the issue. Essentially, if…

Good morning (NZ Time) We are an IT support business We use connectwis's screenconnect product to remotely support all of our clients, and have done for 6 years. From Yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below…

From this morning's New Innovations email: "Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that…

Hi, We're having strange issue: The "ransomware detection" setting is interfering with a local .NET process running on our machines. When the detection is switched on the processes run much slower, this is caused by long pauses in Gen0 and Gen1…

We have an issue where if our users want to use a Hotel, Conference Centre, or Airport Lounge’s Wi-Fi they can’t because the Wi-Fi network’s internal logon splash screen is blocked as ‘Uncategorised’ by SOPHOS Central Web Protection and we don’t allow…

We are planning to deploy Sophos CIXA in our customer environment. before that we need to remove Customer's existing EPS - Palo alto cortex. Sophos CRT support to remove competitor (Palo alto cortex)?

Hi, every week we get a Sophos Managed Threat Response report about clients and servers. Is it possible to split this report in clients and servers? Regards Dennis

We have performance issue with Citrix Intercept installed on VDI Citrix desktops. When the users open files (office, pdf, etc...) I see Sophos file scanner that use 60 and more cpu every time (I know that Sophos have to do the scan of the file...).…

Hello, For some reason Sophos categorize one of our very serious domain as "provocative attire" so I put an exception to this domain as I already made for some other blocked sites we met. But this time it has been six hours and still nothing when for…