Hello everyone, I have a question. Some of your users needs to run a Python script (through VBA, command prompt or Python prompt). At the moment it gets blocked by Sophos. What's the best way to tackle this problem and allow this script to be run? …

We want to use a comment function in a "normal" Policie. If we click on "Add Exclusion" there is no field to comment something.

We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any…

Hi Team, We have some systems where Sophos clients are running and considering below path suspicious. PathC:\Program Files (x86)\Avantium Technologies\Crystal16.exe I have created global exclusion in two ways:- 1) Based on File or folder (Windows…

Most of the customer has Performance issue while in complete scan. is there any option to set priority or performance control in Sophos agent option for complete scan.

We are in the process of rolling out Central Intercept X Advanced with XDR and MTR. Developers have complained that Sophos makes their Windows machines sluggish. Same behaviour does not exist or is not as bad on Mac machines. We have been able to reduce…

Hello, I have been asked by a customer if there is a document which thouroughly explains how 'Protect critical functions in web browsers (Safe browsing) works but cannot seem to find anything. Does such a document exist? Thanks, Lee.

Hi, I work in an organisation environment where we have a variety of user laptops and are running Sophos Endpoint. Products Core Agent 2022.4.1.1 Sophos Intercept X 2022.1.3.3 We have been experiencing an issue with one device , a Lenovo…

Does the Sophos File scanner scan files in a WSL1 installation? Those files are available to Windows at \\wsl.localhost\ Thank you, Carlton

We've recently updated to Endpoint and have an unusual issue with one of our users recently migrated to Win10 and Endpoint. Whenever they attempt to launch Volunteer Reporter by Volsoft it is blocked by Sophos. I am awaiting a local screenshot from our…

Sophos Endpoint is detecting a CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe I am unsure of the reason behind this detection and would appreciate your help in resolving…

We are hit with potential ransomware but it shows strange originating IP address. How can i figure out where it originated. CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80

Good morning, We have Sophos at work and we discovered recently that Quick Assist is being blocked by Web Control. Seems to be a new thing because there were no changes in the systems. Can you please help and/or provide a solution? Thanks & Regards, …

Hello Sophos Community, I manage the Sophos Endpoint Antivirus Solution + Sophos Centrale. We are currently using the Sophos File Scanner Version 1.10.7.73. The CPU Usage spikes drastically to 40% in a ten minunte interval. Do you know any tricks to…

When I made a scan using virustotal for the site haagtech.se I get a few red flags. Sophos is one of them. The scan looks different if use my phone compared to a computer. On the phone Sophos has its own line, but on the computer it shares line with…

Now this mode only has observation mode, I hope to add interception mode in the future, for example, if the high risk level exceeds a certain score, automatic interception will be triggered and threat chart will be automatically built

I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint. We do not have eicar on an allow list. Event on the endpoint agent: and in Central: In the documentation I found that zip files containing virus…

I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) complication and Sophos keeps flagging "C:Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…

How can I add a new custom application to the exceptions? This does not seem to help or it is not clear what will happen with the path that I add manually: I was looking for something like this: Need to add ROP exclusion for this not so…

Hello, intercept-x caught this event, I didn't find any reference. Mal/EncPk-AAI, the detection was in a legitimate program, is this a false positive? Thanks André Soares

uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…

I've whitelisted PSEXEC and I've disabled all the modules for Sophos Endpoint but PSEXEC is still being removed as its recognised as a PUA. I've created a policy to whitelist this app on Central but nothing is applying. Anyone know how to get around…

Hello everyone, I have a problem with eset full disk encryption, in my organization clients have sophos Intercept X Advanced endpoint, and when ı start disk encryption with eset there are alerts by sophos hitman pro that does not permit for encryption…

uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…

Hello - Does anyone have any experience with National Instruments software? The only way to get the product to work is to disable real time scanning, and that isn't an option. I have created exclusions for directories and processes to no avail.