Hello,
I would like to add a File-Exclusion rule for multiple filetypes and one specific path.
Do I need to add multiple exclusions for each filetype or can I just create one rule for all?
Here is an example:
"C:\Test\Folder\*.txt,*.zip,*.abc…
We have an application that is found safe from Sophos Labs Team.
How would I exclude it in Central?
I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck.
Mitigation DLLHijack Policy…
Hi Sophos,
We are receiving what we believe to be false positives with a piece of software in use in our organisation.
This software is triggering an event on the affected device for 'DynamicShellcode'.
I understand that I can go to this device…
Users received legitimate word files via Outlook.
When received they opened and edited the attachment directly (explains the AppData\Local\Temp\NDFCE93.tmp filename) and then, while saving the file on the Windows Server SMB file share, their Sophos…
Leap year bug guys?
Seeing more and more reports of the browser warning NET:ERR_CERT_DATE_INVALID.
It's the Sophos Endpoint RSA Root with a date of 1/1/1601.
Meaning it's the SSL/TLS Inspection feature - turn it off and the problem goes away...
Ouch!
Hello,
I want to block generative AI using Sophos antivirus.
I've checked the application control and I couldn't find anything.
Do I have to use FQDN for all of them or is there any basic way to do so?
Regards.
I am interested in Sophos Intercept X EDR. I cannot find the details regarding the presence of a cloud sandbox facility in EDR. Does EDR have a cloud sandbox facility in it?
Thanks in advance.
Hello everyone, we have been using Intercept X in the Sophos Central Cloud for some time. Here we need the ability to view a log file or a report after a self-triggered “full scan”. This was possible in the old onPrem Sophos and client. In the Intercept…
Dear All,
Hope you are all doing well.
I have a question regarding AMSI Sophos Protection. Is it okay to turn off AMSI logging? Turn off AMSI logging to resolve compatibility issues – Sophos Home Help
Since we upgraded our workstations to Windows…
Hey there.
I know this question has been asked a few years back, but I hope there is an update to this.
I deployed Sophos CIXA on my PC and it started automatically deleting some of my trusted software I use as a network technician.
The files…
Hello,
We have the Intercept X Advanced with XDR license, will we need a new license if we want to implement the NDR Sensor or does our license already include this sensor? When will it be released?
Thanks André Soares
My employees accidentally cleared an alert in Sophos Central for a ransomware attack. Doing so erased all the detail information (file locations, etc.). Can someone point me to the log location so I can get that information from the log?
Our SAP server's backup process, which uses certutil.exe, is detected as a defense evasion threat.
In detail, the detection is
Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
Hello Everyone, I have tried to search about this in the forum but couldn't find anything.
My scenario is: XGS2100 Xstream protection + Endpoints with advanced Threat protection.
I keep receiving these two alerts but I have tried to see what to do…
Hi to all,
I'm confused about a CryptoGuard detection, it seems they found ransomware on a component of Sophos itself.
id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="}
family_id: a1e45bc2-168e-553c-f81a-5e712666d413
process_alias_path…
Hey Everyone,
Scratching my head over how to deal with this PAU as I can't find much information on it on the old Google box.
The identified PAU is PsExec located within the ZIP WPJCleanUp, PsExec as well as WPJCleanUp are legitimate Windows resources…
Good morning,
We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
Sophos home,
Since the 28th of October I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but every day I get this message.
The file mentioned in the history is, C…
Open PowerShell 7: Connect-IPPSSession -UserPrincipalName User@domain.com
The MS login process starts by trying to open a browser window with a localhost address and a random port. The connection is refused and the login process to MS stops.
localhost…
Hello. On some Sophos endpoints the following error appears: "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
I'm doing a POC with Crowdstrike and on the test computer we received a file that was detected as ( RegistryPersistEdit ) by Crowdstrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
Hello everyone,
We get the following alert
What happened: We could not clean up a threat.
Where it happened: computer name
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
What was detected: AMSI/Reflect-KA
How severe it…