On a fairly new Windows laptop, we had to install Sophos on our company laptop. This made the laptop extremely slow and hard to use.
All of my coworkers have also been facing similar issues.
Sophos uses around 90-100% of the CPU.
What should I do…
I am reaching out for guidance on a critical issue one of our clients is currently facing. They have fallen victim to a ransomware attack, specifically impacted by the 'Hhuy virus' from the STOP/DJVU ransomware family, identifiable by the '.HHUY' extension…
Hi all,
How do I point endpoint agents to a specific "update cache and message relay"? Because atm they're saying "sophos" on the web portal, but I want them to point to a specific relay server as they're not internet-facing machines.
Thanks,
Rob
Hi all,
How do I install Sophos endpoint protection but miss PCs with it already on?
https://doc.sophos.com/central/Partner/help/en-us/Help/Deployment/WindowsCommandLine/index.html#message-relays
Do I need to add "no competitor removal" to miss all…
Purpose of these 2 services, Sophos MCS Client and Sophos MCS Agent: what do they do? Any KBA to detail the explanation or nature of each Sophos service on Windows devices?
I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly.
I clicked the "Read more" link which took me to Threat Protection Policy…
Problems installing Sophos Endpoint. Error: No reachable update service locations. The log generates the following: 2023-12-19T15:28:54.2670382Z INFO : Trying update service url sus.sophosupd.com/.../d409441b-33e9-47f3-b22a-0cf49378a0a8 with proxy: …
Hi,
Due to some strange German law, there must be some whistle-blowing URL to be excluded from decrypting but also from logging.
Is that possible with Sophos Endpoint / Central?
What about Datalake?
Though it's a nightmare in terms of security…
Hey Sophos,
you managed to bring one of our websites out of production with your new NTP64 component.
Since installed, endpoints will not load it or only parts of it. Intercept-X kills the connection during TLS handshake.
HTTPS Decryption enabled…
Our SAP server’s backup process, that is using certutil.exe, is detected as a defense evasion threat.
In detail, the detection is
Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
Hello Everyone, I have tried to search about this in the forum but couldn't find anything.
My scenario is: XGS2100 Xstream protection + Endpoints with advanced Threat protection.
I keep receiving these two alerts but I have tried to see what to do…
I have a device that at some point was deleted from the Sophos portal. I've tried reinstalling Sophos but am getting a message stating that tamper protection needs to be disabled. What steps can I take to get the device back on the portal?
Thank you…
Hi to all,
I'm confused about a CryptoGuard detection, it seems they found ransomware on a component of Sophos itself.
id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="}
family_id: a1e45bc2-168e-553c-f81a-5e712666d413
process_alias_path…
When installing core agent 2023.1.3.5, some devices show 2023.1.3.5 BETA and some show 2023.1.3.5 versions. Why are there two versions? When did the version change? Updating does not change the 2023.1.3.5 BETA version to 2023.1.3.5.
On the Windows Server 2012R2 Standard I have installed "Intercept X Advanced for Server with XDR".
Problem: Although everything looks fine after the installation, the servers are not being updated and also do not communicate with Central.
…
Hi, I have an annoying problem with the Sophos Endpoint Agent. When I am connected to the internet everything is fine. However, when I unplug the cable and am offline, the load on SEDService.exe goes way up. I have now noticed that under C:\ProgramData…
Hey Everyone,
Scratching my head over how to deal with this PAU as I can't find much information on it on the old Google box.
The identified PAU is PsExec located within the ZIP WPJCleanUp, PsExec as well as WPJCleanUp are legitimate Windows resources…
Hi
I have SSL inspection in Intercept X Advanced with XDR.
I have a problem surfing with Firefox.
The message is:
Software is Preventing Firefox From Safely Connecting to This Site
mxtoolbox.com is most likely a safe site, but a secure connection…
Heartbeat is becoming my best friend.
Yesterday I identified a Windows Server that had no heartbeat due to expired certificates. I reinstalled the agent and all was fine.
Later the endpoint updated the heartbeat component from 1.15.835.0 to 1.15.1122…