• INTERCEPT X DETECTIONS

    Ahmed Khalil Abidi
    (Browser-Specific): Threat Protection policies only detect malware in Firefox when accessing the EICAR website but fail to detect it using Chrome. Also, what is this behavior? It keeps detecting the malware, cleans it, but never kills the sophos_hips_test…
    • Answered
    • 2 months ago
    • Sophos Endpoint
    • Discussions
  • About C2_10a (T1071.001) Detected on the server

    ong! L
    Endpoint appears as malicious behavior, but shouldn't detecting C2 be the purview of IPS? Why is it showing malicious behavior? Or is the IPS module already involved?
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Debugging in Lazarus/fpc is slowed down by HitmanPro.Alert service

    Domenico Mammola
    Hello, starting from today (27/08/2024) debugging in Lazarus ( https://www.lazarus-ide.org/ ) with Free Pascal Compiler ( https://www.freepascal.org/ ) as backend is getting tremendously slow. If I disable the HitmanPro.Alert service everything runs…
    • Answered
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos blocking "iLok" licensing application

    Josh Rogalski
    We run a small licensing application on a server, and the same client runs on student PCs in our media lab. The application named "iLok" started failing a few weeks ago, and after some investigation it is Sophos blocking it. We found by trial and error…
    • Answered
    • 3 months ago
    • Sophos Endpoint
    • Discussions
  • Scanning in the safe mode

    Damian Kowalik
    Hello there, how can I run my Sophos AV on a device while in safe mode (Windows 11 Pro)? Which executable file should I click to start scanning against threats? Kind regards, Damian
    • Answered
    • 5 months ago
    • Sophos Endpoint
    • Discussions
  • Low reputation apps

    Pierre-Dominique CHARRON
    Hello, One of the apps I'm developing is flagged as a low-reputation app, for the following security consideration: Trigger installation (This app can ask Android to install another app). The problem is, that I didn't add a mechanism to install apps,…
    • 4 months ago
    • Sophos Endpoint
    • Discussions
  • Ransomware attack

    Nyein Chan Zaw
    Hi, I want to test a ransomware attack on a client which has Sophos Endpoint installed. How can I check this attack notification from Sophos Central, and how can I put this ransomware file on the client for testing?
    • Answered
    • 5 months ago
    • Sophos Endpoint
    • Discussions
  • Lockdown while saving MS Office mail attachments on share: C:\Windows\SysWOW64\rundll32.exe

    LHerzog
    Users received legitimate Word files via Outlook. When received, they opened and edited the attachment directly (which explains the AppData\Local\Temp\NDFCE93.tmp filename) and then, while saving the file on the Windows Server SMB file share, their Sophos…
    • 8 months ago
    • Sophos Endpoint
    • Discussions
  • Endpoint - Threat Detection - SSL inspection active - invalid date

    JustinMilne
    Leap year bug, guys? Seeing more and more reports of the browser warning NET:ERR_CERT_DATE_INVALID. It's the Sophos Endpoint RSA Root with a date of 1/1/1601, meaning it's the SSL/TLS Inspection feature; turn it off and the problem goes away... Ouch!
    • Answered
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Cloud sandbox support in Sophos Intercept X EDR

    Gokul S
    I am interested in Sophos Intercept X EDR. I cannot find the details regarding the presence of a cloud sandbox facility in EDR. Does EDR have a cloud sandbox facility in it? Thanks in advance.
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Intercept X / Scan Report after Full Scan

    Lutz Radtke
    Hello everyone, we have been using Intercept X in the Sophos Central Cloud for some time. Here we need the ability to view a log file or a report after a self-triggered “full scan”. This was possible in the old onPrem Sophos and client. In the Intercept…
    • Answered
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Licensed XDR with NDR sensor?

    Andre Soares
    Hello, We have the Intercept X Advanced with XDR license, will we need a new license if we want to implement the NDR Sensor or does our license already include this sensor? When will it be released? Thanks André Soares
    • 11 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint - Cryptoguard Log Location

    Kyle Gibson
    My employees accidentally cleared an alert in Sophos Central for a ransomware attack. Doing so erased all the detail information (file locations, etc.). Can someone point me to the log location so I can get that information from the log?
    • 11 months ago
    • Sophos Endpoint
    • Discussions
  • Exclude Threat Detection "TA0005 - Defense Evasion"

    Colsam
    Our SAP server’s backup process, that is using certutil.exe, is detected as a defense evasion threat. In details the detection is Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

    Matteo Vinti
    Hello everyone, I have tried to search about this in the forum but couldn't find anything. My scenario is: XGS2100 Xstream protection + endpoints with advanced Threat Protection. I keep receiving these two alerts but I have tried to see what to do…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • data exfiltration from server

    Ahmad
    Hi, I have installed CIXA for Server on a few servers. On 3rd of Aug 23 a few of my servers in the LAN on which CIXA for Server was not installed got hit by ransomware; the file extension became gasprom. I also have an XG 310 at gateway level and turned on ATP…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Intercept X - Silent Installation

    Leonardo Mota
    Hello! I'll do a Sophos Endpoint implementation and I did not find a way to perform a silent installation of Intercept X on more than 300 computers (and removing third-party endpoint software like Bitdefender) and probably some Linux servers. Can some…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Cryptoguard detect ransomware in $programfiles\Sophos\Endpoint Defense\SEDService.exe

    LMSIIATO
    Hi to all, I'm confused about a CryptoGuard detection; it seems they found ransomware on a component of Sophos itself. id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="} family_id: a1e45bc2-168e-553c-f81a-5e712666d413 process_alias_path…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos machine learning doesn't work?

    Andre Soares
    I'm doing a POC with Crowdstrike and on the test computer we received a file that was detected as ( RegistryPersistEdit ) by Crowdstrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Can endpoint defense now intercept DSyscall process injection?

    ong! L
    I found that HPMA can already intercept it, but Sophos doesn't seem to have fusion rules yet.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • DBJammer Ransomware on SQL Servers - EDR Queries if any?

    blueskies
    06961063 / Detection for dbjammer Ransomware / ref:_00D301GN6a._5003Z1bh7RS:ref https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/ Securonix…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Web filtering with XGS and Intercept X

    Sandra Koehler
    Hello, I've seen this question asked but none of the posts have an answer. We have an XGS firewall and Sophos Endpoint Protection on our PCs. When laptops, for example, are on-site or on VPN, they get the XGS policies AND the Endpoint policies. We…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Pen testing and no notification

    Shay Hanya
    Hi, one of our customers did a pen test. They ran Nessus, port scans and all kinds of queries; in the Sophos portal there was nothing in the logs or in the detections. Man in the middle: nothing from Sophos and nothing in the logs. Maybe there is a problem…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • chromedriver ransomware alert

    Jayesh Thakkar
    Hello, one of our machines is generating these alerts when the user is trying to run automations on the chromedriver. It says ransomware detected: CryptoGuard trying to encrypt files. Can someone please assist, or has anyone experienced the same? Let me know what…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False positive for javaw.exe

    Reinaldo Flamino
    Hello, I am trying to install an application from the OpenSTM32 Community Site | HomePage (install_sw4stm32_win_64bits-v2.9.zip from the download area). I have been using this application for years without issues. But SOPHOS is indicating and blocking javaw…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions