Open PowerShell 7: Connect-IPPSSession -UserPrincipalName User@domain.com
The MS login process starts by trying to open a browser window with a localhost address and a random port. The connection is refused and the login process to MS stops.
localhost…
Hello. On some Sophos endpoints the following error appears: "Manual malware cleanup required: 'Unknown Threat' at 'null'". Could you tell me what this error refers to or how to solve it? The version in which this error appears is CoreAgent 2023.1.3.5…
Users are working with Microsoft Office files on SMB shares on Windows servers.
When working in-house all is fine. When they work remotely via Sophos SSL VPN Client, some users cannot save documents or Excel sheets on the network shares because office…
I'm doing a POC with CrowdStrike and on the test computer we received a file that was detected as (RegistryPersistEdit) by CrowdStrike's machine learning. Sophos detected nothing and let the file make changes to the Windows registry. Sophos machine…
Hello everyone,
We get the following alert
What happened: We could not clean up a threat.
Where it happened: computer name
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
What was detected: AMSI/Reflect-KA
How severe it…
Hi. We have Intercept X Advanced for Server with XDR on Windows 2012 Server Std (not very fresh stuff) and Intercept X Advanced for endpoints.
My Q is: if I go for a vulnerability scanning on the server with - say tools like Nessus - should I got…
Hello,
A client of ours has to download updates from their ERP software regularly, and recently Sophos Endpoint has begun flagging it as a PUA. We allowed the hash in the global exclusions, but as we know, each update would have a different hash.
Is…
Hi
One of our customers did a pen test.
They run Nesson, port scan and all kinds of queries. In the Sophos portal, nothing in the logs or in the detection.
Man in the middle, nothing from the Sophos and nothing in the logs.
Maybe there is a problem…
Hi all, I know this is not the right forum, but Sophos Home Premium doesn't have a dedicated forum, so since it is based on the same technologies as the endpoint version I will try to post here.
Two questions, the first of which is probably silly.
1…
Hello,
One of our machines is generating these alerts when a user is trying to run automations on the chromedriver. It says ransomware detected. CryptoGuard trying to encrypt files. Can someone please assist, or has anyone experienced the same? Let me know what…
Hi,
I have an application created using VMware ThinApp. Something like a portable application. The last few days I have been getting the application blocked on HollowProcess. Unfortunately the application is quite important for me and I need to run…
On a server, a suspected webshell has been found and deleted by Sophos Endpoint.
MDR Team checked the case and confirmed: Hash verification via OSINT indicates 'C:\Users\serviceusername\AppData\Local\Temp\SERVICE_XXX\suspectedmalwarefile.jsp' is malicious…
Hello,
I am trying to install application from OpenSTM32 Community Site | HomePage (install_sw4stm32_win_64bits-v2.9.zip from download area)
I have been using this application for years without issues.
But the SOPHOS is indicating and blocking javaw…
Does Sophos, or is it possible to have Sophos, alert/generate a log when a process or application has been elevated? The scenario we have is, we have an application that has to run with admin privileges. The application has been saved to run with these…
I am getting hundreds of these error messages. Uninstalling and reinstalling Sophos hasn't helped.
What can I do to either stop these messages or fix the root cause?
Hi,
I'm getting this error in Sophos Central for our client PC.
"Malware or potentially unwanted applications in quarantine"
How am I going to clean this? And where is the location of the quarantine folder?
Thanks,
nidz
We're using the software "ALVA" by Ascherslebener Computer GmbH. Yesterday there was a scheduled update install of "ALVA". After installing the update you were not able to create or print any files out of the "ALVA" software. Also there was no error message…
Greetings very good afternoon community!
I have a question. Is the endpoint capable of detecting and reporting a port scan? That it has been executed on the network and towards computers that have the Endpoint installed? I have seen that the Sophos…
One of our users has an "Outbreak detected" report due to the following domain access. Does this site really have any issue, or is this a wrong detection? As much as I can see, it blocked image files only. If not, how is Sophos going to resolve it?
https…