I have been using Sophos EndPoint for about 3 years and using ChatGPT for about a year. Everything has been working fine until about 4 to 6 weeks ago when all of the sudden staff in our office cannot upload files to ChatGPT. I wasn't sure what is was…

Hi, we are a new partner coming from an ESET ecosystem, looking to replace it with Sophos for our customers, since we are using XGS and it makes sense to integrate Endpoint as well. While testing Intercept X in our environment first, my developers…

Hi, We have a Sophos Intercept-X user that has problems running End of Month reports via Excel in a certain CRM application. He is the only user requiring this functionality. We have tracked the issue down to being a .XLL (I assume that is an Excel…

Hi guys, Is it possible to block certain files when they are executed? For example, block all .EXE files when they are clicked

What is your company's policy regarding the operation of endpoint protection for software developers? I like Sophos Endpoint Protection, but the software developer environment is a headache. Our anti-threat policy has been so badly written that exceptions…

Hello, recently we've had multiple issues that Intercept X prevented installation or execution of software because it suposedly prevented "Lockdown". It likes to block our remote maintainance software because of this, and today I was unable to install…

We need to exclude some files from Sophos File Scanner on network drives. Lets say we have mapped drive N:\ with \\server1\share1 I tested access and logged with procmon and SFS debug logs, what is scanned, when opening N:\file1 I can see \\server1…

Hi all, I would like to know onething Sophos InterceptX Advanced EP can do skip scanning below these. > Some folders/files in server : if don’t want to scan.(File type is x.raw and other proprietary formats).

Hello, i would like to add a File-Exclusion rule for multiple filetypes and one specific path. Do i need to add multiple exclusions for each filetype or can i just create one rule for all? Here is an example: "C:\Test\Folder\*.txt,*.zip,*.abc…

We have an application that is found safe from Sophos Labs Team. How would I exclude it in Central? I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck. Mitigation DLLHijack Policy…

Hi Sophos, We are receiving what we believe to be false positives with a piece of software at use in our ogranisation. This software is triggering an event on the affected device for 'DynamicShellcode'. I understand that I can go to this device…

Hallo Zusammen, hat jemand von euch Erfahrung mit dem Einsatz von Sophos Endpoint und Proficash? diese Bankingsoftware ist bei aktiven Endpoint schutz sehr langsam. Wenn die Policy's im Endpoint alle deaktiviert werden ist die Software wieder schnell…

Hey there. I know this question has been asked a few years back, but i hope there is an update to this. I deployed Sophos CIXA on my PC and it started automatically deleting some of my trusted software i use as a network technician. The files…

Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…

Open Powershell 7 Connect-IPPSSession -UserPrincipalName User@domain.com MS login processes starts by trying to open a browser window with a local host address and a random port. The connection is refused and the login process to MS stops localhost…

Hi, I have an application created using VMware ThinnApp. Something like a portable application. The last few days I have been getting the application blocked on HollowProcess. Unfortunately the application is quite important for me and I need to run…

One of our user has " Outbreak detected " report due to the following domain access. does this site really have any issue or this is an wrong detectection, as much as I can see it blocked image files only ? if no how sophos going to resolve it? https…

Evening, I recently came across an issue I can't figure out how to resolve. We have an add-in for Excel that causes Sophos Endpoint to kill the program with a "StackExec" (MemProt) exploit prevented in Excel. Up until now we've just added the detection…

Recently we noticed that we are receiving over five detections on a given day for Stack Exec . The threat graph for all detections are identical with the root cause been Microsoft Office 2016. The reputation for Microsoft Office is good and the file is…

Hello everyone, I have a question. Some of your users needs to run a Python script (through VBA, command prompt or Python prompt). At the moment it gets blocked by Sophos. What's the best way to tackle this problem and allow this script to be run? …

We want to use a comment function in a "normal" Policie. If we click on "Add Exclusion" there is no field to comment something.

Hi Team, We have some systems where Sophos clients are running and considering below path suspicious. PathC:\Program Files (x86)\Avantium Technologies\Crystal16.exe I have created global exclusion in two ways:- 1) Based on File or folder (Windows…

We've recently updated to Endpoint and have an unusual issue with one of our users recently migrated to Win10 and Endpoint. Whenever they attempt to launch Volunteer Reporter by Volsoft it is blocked by Sophos. I am awaiting a local screenshot from our…

I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) complication and Sophos keeps flagging "C:Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…

How can I add a new custom application to the exceptions? This does not seem to help or it is not clear what will happen with the path that I add manually: I was looking for something like this: Need to add ROP exclusion for this not so…