• Question for in-house made Python script

    Jo Vanattenhoven
    Jo Vanattenhoven
    Hello everyone, I have a question. Some of your users needs to run a Python script (through VBA, command prompt or Python prompt). At the moment it gets blocked by Sophos. What's the best way to tackle this problem and allow this script to be run? …
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How can we comment a exclusion in a Threat Protection Policie?

    Marcel Saggau
    Marcel Saggau
    We want to use a comment function in a "normal" Policie. If we click on "Add Exclusion" there is no field to comment something.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • "Policy non-compliance: Exploit Detection" Alert disappears with no information of what was the cause

    Edward Burnside
    Edward Burnside
    We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • 'APCViolation' exploit prevented in crystal16

    Parag Shukla
    Parag Shukla
    Hi Team, We have some systems where Sophos clients are running and considering below path suspicious. PathC:\Program Files (x86)\Avantium Technologies\Crystal16.exe I have created global exclusion in two ways:- 1) Based on File or folder (Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Complete scan performance issue

    Anishkumar C
    Anishkumar C
    Most of the customer has Performance issue while in complete scan. is there any option to set priority or performance control in Sophos agent option for complete scan.
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos RT File Scanning SIgnificantly Slows Chrome

    Patrick Kobly
    Patrick Kobly
    We are in the process of rolling out Central Intercept X Advanced with XDR and MTR. Developers have complained that Sophos makes their Windows machines sluggish. Same behaviour does not exist or is not as bad on Mac machines. We have been able to reduce…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Protect Critical Functions in Web Browsers (Safe Browsing)

    Lee Wolstencroft Personal
    Lee Wolstencroft Personal
    Hello, I have been asked by a customer if there is a document which thouroughly explains how 'Protect critical functions in web browsers (Safe browsing) works but cannot seem to find anything. Does such a document exist? Thanks, Lee.
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos File Scanner Hight Hardware Usage

    Tamoor Sohail
    Tamoor Sohail
    Hi, I work in an organisation environment where we have a variety of user laptops and are running Sophos Endpoint. Products Core Agent 2022.4.1.1 Sophos Intercept X 2022.1.3.3 We have been experiencing an issue with one device , a Lenovo…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos File Scanning WSL1

    Carlton Jacobson
    Carlton Jacobson
    Does the Sophos File scanner scan files in a WSL1 installation? Those files are available to Windows at \\wsl.localhost\ Thank you, Carlton
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False malware with Volsoft?

    Joseph Black
    Joseph Black
    We've recently updated to Endpoint and have an unusual issue with one of our users recently migrated to Win10 and Endpoint. Whenever they attempt to launch Volunteer Reporter by Volsoft it is blocked by Sophos. I am awaiting a local screenshot from our…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    TareK
    TareK
    Sophos Endpoint is detecting a CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe I am unsure of the reason behind this detection and would appreciate your help in resolving…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Ransomware alert

    Sophos User1564
    Sophos User1564
    We are hit with potential ransomware but it shows strange originating IP address. How can i figure out where it originated. CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Quick Assist

    Andrea Gatt
    Andrea Gatt
    Good morning, We have Sophos at work and we discovered recently that Quick Assist is being blocked by Web Control. Seems to be a new thing because there were no changes in the systems. Can you please help and/or provide a solution? Thanks & Regards, …
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos FileScanner "SophosFileScanner.exe" spiking Up To 40% CPU Usage

    Nico Stark
    Nico Stark
    Hello Sophos Community, I manage the Sophos Endpoint Antivirus Solution + Sophos Centrale. We are currently using the Sophos File Scanner Version 1.10.7.73. The CPU Usage spikes drastically to 40% in a ten minunte interval. Do you know any tricks to…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos indicates Malware at virustotal

    Björn Bertilsson
    Björn Bertilsson
    When I made a scan using virustotal for the site haagtech.se I get a few red flags. Sophos is one of them. The scan looks different if use my phone compared to a computer. On the phone Sophos has its own line, but on the computer it shares line with…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Will automatic interception be added to SOPHOS detection mode MITRE ATT&CK in the future?

    Leung233 User
    Leung233 User
    Now this mode only has observation mode, I hope to add interception mode in the future, for example, if the high risk level exceeds a certain score, automatic interception will be triggered and threat chart will be automatically built
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • eicar_com.zip: cleanup aborted because on allow list

    LHerzog
    LHerzog
    I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint. We do not have eicar on an allow list. Event on the endpoint agent: and in Central: In the documentation I found that zip files containing virus…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False threat detection, ransomware, on dotnet.exe

    James Komenda
    James Komenda
    I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) complication and Sophos keeps flagging "C:Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Exploit Mitigation custom exclusion

    LHerzog
    LHerzog
    How can I add a new custom application to the exceptions? This does not seem to help or it is not clear what will happen with the path that I add manually: I was looking for something like this: Need to add ROP exclusion for this not so…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Mal/EncPk-AAI

    Andre Soares
    Andre Soares
    Hello, intercept-x caught this event, I didn't find any reference. Mal/EncPk-AAI, the detection was in a legitimate program, is this a false positive? Thanks André Soares
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • how can we fix this.

    Carol Jenkins
    Carol Jenkins
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos disabled but still blocking files

    jt86
    jt86
    I've whitelisted PSEXEC and I've disabled all the modules for Sophos Endpoint but PSEXEC is still being removed as its recognised as a PUA. I've created a policy to whitelist this app on Central but nothing is applying. Anyone know how to get around…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint and Eset Disk Encryption Problem

    Rejep Annamuhammedov
    Rejep Annamuhammedov
    Hello everyone, I have a problem with eset full disk encryption, in my organization clients have sophos Intercept X Advanced endpoint, and when ı start disk encryption with eset there are alerts by sophos hitman pro that does not permit for encryption…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • What is this alert, how can we fix this.

    Ashish Koshta
    Ashish Koshta
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos and National Instruments Software

    Sophos User5832
    Sophos User5832
    Hello - Does anyone have any experience with National Instruments software? The only way to get the product to work is to disable real time scanning, and that isn't an option. I have created exclusions for directories and processes to no avail.
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • View related content throughout Sophos Endpoint
  • More
  • Cancel
<>