• CPU usage by Sophos.

    P patton
    P patton
    In a fairly new windows laptop, we had to install Sophos in our company laptop. This made the laptop extremely slow and hard to use. All of my coworkers have also been facing similar issues. Sophos uses around 90-100% of the CPU. what should I do…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Seeking Advice: Ransomware Attack and Solutions for Legacy Systems

    Fox Medo
    Fox Medo
    I am reaching out for guidance on a critical issue one of our clients is currently facing. They have fallen victim to a ransomware attack, specifically impacted by the 'Hhuy virus' from the STOP/DJVU ransomware family, identifiable by the '.HHUY' extension…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • point agents to update cache and message relay

    Sophos User1175
    Sophos User1175
    hi all, how do i point endpoint agents to a specific "update cache and message relay" because atm there saying "sophos" on the web portal but i want them to point to a specific relay server as there not internet facing machines thanks, rob
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • silent install but miss already on pc's

    Sophos User1175
    Sophos User1175
    hi all, how do i install sophos endpoint protection but miss pcs with it already on https://doc.sophos.com/central/Partner/help/en-us/Help/Deployment/WindowsCommandLine/index.html#message-relays do i need to add "no competitor removal" to miss all…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos MCS services

    PK1
    PK1
    Purpose of these 2 services Sophos MCS Client and Sophos MCS Agent, what do they do? Any KBA to detail the explanation or nature of each Sophos service on windows devices?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • New Block QUIC setting not showing

    itskdog
    itskdog
    I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly. I clicked the "Read more" link which took me to Threat Protection Policy…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • problems installing sophos endpoint, Error: No reachable update service locations

    oscar parra
    oscar parra
    problems installing sophos endpoint, Error: No reachable update service locations , The log generates the following: 2023-12-19T15:28:54.2670382Z INFO : Trying update service url sus.sophosupd.com/.../d409441b-33e9-47f3-b22a-0cf49378a0a8 with proxy: …
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • sophos endpoint defense services taking high memory utilization(500-600)

    Sophos User6749
    Sophos User6749
    Why this services taking so much memory utilization and how we can reduce it can anyone suggest ,due to which system getting slow
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • is it possible to exclude some URL from Endpoint logging -> whistle-blowing

    LHerzog
    LHerzog
    Hi, due to some strange German law, there must be some wistle-blowing URL to be excluded from decrypting but also from logging. is that possible with Sophos Endpoint / Central? What about Datalake? Though it's a nightmare in terms of security…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • IPS/NTP HTTPS Decryption - ERR_EMPTY_RESPONSE issues since latest upgrade to NTP64 2023.2.573

    LHerzog
    LHerzog
    Hey Sophos, you managed to bring one of our websites out of production with your new NTP64 component. Since installed, endpoints will not load it or only parts of it. Intercept-X kills the connection during TLS handshake. HTTPS Decryption enabled…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Exclude Threat Detection "TA0005 - Defense Evasion"

    Colsam
    Colsam
    Our SAP server’s backup process, that is using certutil.exe, is detected as a defense evasion threat. In details the detection is Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

    Matteo Vinti
    Matteo Vinti
    Hello Everyone, I have tryied to search about this in the forum but couldn't find anything. My scenario is : XGS2100 Xstream protection + Endpoints with advanced Threat protection. I keep receiving this two alerts but I have tried to see what to do…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint-peripheral

    Ahmed Sani
    Ahmed Sani
    Hello, is it possible to set time to blocking USB port? As in block or leave it open for just a certain time period.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Disable Tamper Protection - Device Removed from Portal

    Susan Pieroni
    Susan Pieroni
    I have a device that at some point was deleted from the Sophos portal. I've tried reinstalling Sophos but am getting a message stating that tamper protection needs to be disabled. What steps can I take to get the device back on the portal? Thank you…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • About Threat Graphs

    Alparslan Bolat
    Alparslan Bolat
    Hi there, What does what is found on the Threat Graphs mean? what should I do as a solution?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • How to change Sophos Endpoint Agent language by command lin

    Tara Hsiao
    Tara Hsiao
    I have installed Sophos Sophos Endpoint Agent on Windows 10, how to change language from Japanese to English by command line instead of via GUI?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Cryptoguard detect ransomware in $programfiles\Sophos\Endpoint Defense\SEDService.exe

    LMSIIATO
    LMSIIATO
    Hi to all, I'm confused about a cryptoguard detection, it seems they found ransomware on a component of sophos itself. id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="} family_id: a1e45bc2-168e-553c-f81a-5e712666d413 process_alias_path…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • 2023.1.3.5 BETA

    Brian Loska
    Brian Loska
    When installing core agent 2023.1.3.5, some devices show 2023.1.3.5 BETA and some show 2023.1.3.5 versions. Why is there two versions? When did the version change? Updating does not change it to 2023.1.3.5 BETA version to 2023.1.3.5.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Unable to Start Scan - Intercept X with EDR & XDR

    Joseph H
    Joseph H
    Hello, I am unable to manually start a scan on the endpoint. Windows 11 I click scan nothing happens. Any advice? Thank you, Joseph
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Failed to install component(s): hmpa64

    Jiming Zhou
    Jiming Zhou
    ####Sophos HitmanPro Alert Initial install log 20231115T013935 2023-11-15T01:39:40.6403111Z ERROR : SetupPluginCommand::onRun() failed with ComponentInstaller::InstallError: Failed to install component(s): hmpa64 2023-11-15T01:39:40.6403111Z INFO :…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Keine Sophos Sicherheitsprodukte installiert

    Karsten Rauer1
    Karsten Rauer1
    Auf dem Windows Server 2012R2 Standard habe ich " Intercept X Advanced for Server with XDR" installiert. Problem: Obwohl alles nach der Installation gut aussieht, werden die Server nicht aktualisiert und kommunizieren auch nicht mit Central. …
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • High CPU Usage - SEDService.exe offline

    Mori Bir
    Mori Bir
    Hi, I have an annoying problem with the Sophos Endpoint Agent. When I am connected to the internet everything is fine. However, when I unplug the cable and am offline, the load on SEDService.exe goes way up. I have now noticed that under C:\ProgramData…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Manual PUA cleanup required: 'PsExec'

    Andrew Rouse
    Andrew Rouse
    Hey Everyone, Scratching my head over how to deal with this PAU as I can't find much information on it on the old Google box. The identified PAU is PsExec located within the ZIP WPJCleanUp, PsExec as well as WPJCleanUp are legitimate Windows resources…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • firefox error accessing the web with ssl inspection enable

    Shay Hanya
    Shay Hanya
    Hi I have ssl inspection in intercept x advanced with xdr/ I have a problem surfing with firefox. the message is: Software is Preventing Firefox From Safely Connecting to This Site mxtoolbox.com is most likely a safe site, but a secure connection…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Heartbeat 1.15.1122.0 Error: Standard exception: use_private_key: unsupported - no Heartbeat

    LHerzog
    LHerzog
    Heartbeat is becoming my best friend. Yesterday I identified a Windows Server that had no heartbeat due to expired certificates. I reinstalled the agent and all was fine. Later the endpoint updated the heartbeat component from 1.15.835.0 to 1.15.1122…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • View related content throughout Sophos Endpoint
  • More
  • Cancel
<>