Hello, In my domain, standard domain users are not able to install a program. But there are some programs that doesnt require admin rights to be installed. I was wondering if i can block them with Sophos. I have tried application block but for that…

I want to exclude the following (example) from real-time scanning: This directory ( 26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1 These files…

Hello Team, We are facing login challenges with Sophos Central Login

Scenario - Attacker has made into a system and now wants to kill \stop the AV but is tamper locked. From SIEM perspective to Monitor such events what logs can be shipped from the Event viewer? or from Sophos log directories?

Hello, I have an issue with migrating devices to another organizational unit in Sophos Central. I've tried using Postman for this. It works when I want to move all devices from one unit to another, but when I try to move only a specific group of devices…

Hi, today all access points (myself and customers) are marked as offline in Sophos Central wireless but thankfully are still working. Are there any troubles in central (EU)?

Hallo, der Report zu Sophos funktioniert soweit. Leider geht es nicht bei manchen öffentlichen Ordnern. Mein Benutzer hat Senderechte und ist Besitzer dieses Ordners. Wenn man dann "An Sophos senden" klickt, kommt die Meldung: Sie können…

Hello to all , i have an error when try to manage firrewall from central it give me " the firewall is not responding to the login request as fast as expected. please wait a while and try again, or check that the firewall is not experiencing any internet…

Hello Team, Could you please share the Sophos Central CIS Benchmarks pdf for hardening Sophos Central?

Hi All, We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way. However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application…

Sophos Central is telling me we have a machine with Tamper Protection off but it can't show me which one and (click on device in the report and it show me a list of machines with any protection off but it's a list of zero machines. Click automatically…

Service unavailable or 502 Bad Gateway when calling https://central.sophos.com Germany region. Some devices do not get Heartbeat. Any known issues with Central? Status page says: all fine

Good Day, We've had some instances where either Sophos protection service or Network protection service might not start up. This cause the computer to become Isolated but we cannot un-Isolate unless we restart or use Admin rights to start the service…

I am testing the Endpoint Protection and Server Protection EAP. I have downloaded the server protection and deployed it on my home DNS server which is running on Ubuntu. It has installed successfully and is registered in Sophos Central in the Server…

Our PSA sync to Connectwise is working perfectly for all products except MDR complete. Only "Central Managed Detection and Response Complete Server" is syncing, except when I run a sync I see that line item briefly change to "Central Managed Detection…

We onboarded a new client with a large Azure list of users. The tenant sync with on prem AD and they sync everything. I am trying to get my head around Sophos syncing based on Group ID or group filter. We really only need about 50 mb's synced. The way…

Hallo zusammen, habe leider nichts gefunden und muss euch fragen. Kann man in der Central eine Benachrichtigung einstellen, wenn an der Konfiguration etwas geändert wurde (durch einen 2. Admin z.b.) Ich sehe es in der Central im Überwachungsprotokoll…

Hey there, For the last few months, we have been getting lots of alerts that say the following: "Device failed to update because it does not support Azure Code Signing. See knowledge base article" As i understand it, sophos changed something…

When I login Sophos Central, there is message highlighted to orange today. the message says " Because we implement the system migration, some licensing operation will be unavailable at the first week of October." "you would not activate/deactivate…

Hi, we wanted to use Sophos Data lake scheduled queries to check periodically if our HW and SW inventory database is up to date. We noticed that not a lot of HW info about endpoints is populated to the Data Lake with hydration queries but it can be…

Anybody else tried using the "$" variable to exclude a filename and not work?? Looking at the article: Exploit mitigation or ransomware wildcards and variables - Sophos Central Admin Is says this: VariableExample $ All available drives. For…

Hi all, Do you know if there is way to check the number of API call make during the day or something ? I can't find a way to check the API consumption.

Hello Sophos Community, I have a challenge accessing Sophos Central. After successful user ID and password login, I get stuck on the next verification level requiring Security Code as shown below: Sophos doesn't sent the code. Where do I get the…

Hi guys, Is there a possibility to display the firewall data persistently in the threat analysis and not only via queries? Where can I see in the Threat Analysis Center whether the data from the firewall logs was included in the detections? Is it…

Hello i need to unistall agent but i can't disable tamper because i don't see client on my control center (i don't know the reason!) how to do? I read many post but i can't modify Sophos MCS Agent registry key (access denied, i tried to change permission…