• issue with RDP

    Carol Jenkins
    Carol Jenkins
    I am only able to access a Hyper-V server from the Hyper-V Manager on the physical host. When the connection is established, I can use MSTSC from my local Windows 11 machine to connect to the server and take control of the session. However , if I attempt…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    TareK
    TareK
    Sophos Endpoint is detecting a CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe I am unsure of the reason behind this detection and would appreciate your help in resolving…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Ransomware alert

    Sophos User1564
    Sophos User1564
    We are hit with potential ransomware but it shows strange originating IP address. How can i figure out where it originated. CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Quick Assist

    Andrea Gatt
    Andrea Gatt
    Good morning, We have Sophos at work and we discovered recently that Quick Assist is being blocked by Web Control. Seems to be a new thing because there were no changes in the systems. Can you please help and/or provide a solution? Thanks & Regards, …
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos FileScanner "SophosFileScanner.exe" spiking Up To 40% CPU Usage

    Nico Stark
    Nico Stark
    Hello Sophos Community, I manage the Sophos Endpoint Antivirus Solution + Sophos Centrale. We are currently using the Sophos File Scanner Version 1.10.7.73. The CPU Usage spikes drastically to 40% in a ten minunte interval. Do you know any tricks to…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos indicates Malware at virustotal

    Björn Bertilsson
    Björn Bertilsson
    When I made a scan using virustotal for the site haagtech.se I get a few red flags. Sophos is one of them. The scan looks different if use my phone compared to a computer. On the phone Sophos has its own line, but on the computer it shares line with…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Will automatic interception be added to SOPHOS detection mode MITRE ATT&CK in the future?

    Leung233 User
    Leung233 User
    Now this mode only has observation mode, I hope to add interception mode in the future, for example, if the high risk level exceeds a certain score, automatic interception will be triggered and threat chart will be automatically built
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • eicar_com.zip: cleanup aborted because on allow list

    LHerzog
    LHerzog
    I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint. We do not have eicar on an allow list. Event on the endpoint agent: and in Central: In the documentation I found that zip files containing virus…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False threat detection, ransomware, on dotnet.exe

    James Komenda
    James Komenda
    I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) complication and Sophos keeps flagging "C:Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Exploit Mitigation custom exclusion

    LHerzog
    LHerzog
    How can I add a new custom application to the exceptions? This does not seem to help or it is not clear what will happen with the path that I add manually: I was looking for something like this: Need to add ROP exclusion for this not so…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Mal/EncPk-AAI

    Andre Soares
    Andre Soares
    Hello, intercept-x caught this event, I didn't find any reference. Mal/EncPk-AAI, the detection was in a legitimate program, is this a false positive? Thanks André Soares
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • how can we fix this.

    Carol Jenkins
    Carol Jenkins
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos disabled but still blocking files

    jt86
    jt86
    I've whitelisted PSEXEC and I've disabled all the modules for Sophos Endpoint but PSEXEC is still being removed as its recognised as a PUA. I've created a policy to whitelist this app on Central but nothing is applying. Anyone know how to get around…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint and Eset Disk Encryption Problem

    Rejep Annamuhammedov
    Rejep Annamuhammedov
    Hello everyone, I have a problem with eset full disk encryption, in my organization clients have sophos Intercept X Advanced endpoint, and when ı start disk encryption with eset there are alerts by sophos hitman pro that does not permit for encryption…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • CXmal/WebAgnt-A continuously intercepted by Sophos on Exchange Server 2019- How I can stop this?

    NOR ASMIRA BINTI MOHD NOR
    NOR ASMIRA BINTI MOHD NOR
    Hi, I keep receiving this notification on Sophos. So far, I'm running Exchange Server 2019 on VM Host. The error mentioned this path on C drive: inetpub\wwwroot\aspnet_client\nzkqhfcsjpl.aspx . The .aspx name are not consistent. I'm not receiving…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint realtime filescan on server causes high io write with $$$ files

    DuS
    DuS
    Hello Sophos community, is anybody able to tell me, why Sophos Endpoint needs a pretty noticable amount of write io directly on disk? I can see the following in the servers ressource monitor every minute, as soon as realtime filescanner service…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • What is this alert, how can we fix this.

    Ashish Koshta
    Ashish Koshta
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos and National Instruments Software

    Sophos User5832
    Sophos User5832
    Hello - Does anyone have any experience with National Instruments software? The only way to get the product to work is to disable real time scanning, and that isn't an option. I have created exclusions for directories and processes to no avail.
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Endpoint maybe blocking ABBRobotStudio

    DanielSch
    DanielSch
    Hello Community, I have a problem with some customer endpoints with using the program ABBRobotStudio. Robotstudio is just a software which is communicating with ABB machines and robots. After installing the Endpoint to the computers all computers…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • LINUX SYSTEM

    alvisn parker
    alvisn parker
    Hello, On a Linux system, I have installed the 'Server protection' installer. The filesystem should be scanned on - demand for specific directories. Is this product capable of doing it? My goal is to find something that performs the same function…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Endpoint slow down internet speed

    Louis
    Louis
    Hello, We got a dedicated optical fiber 1gb Down/up . With the endpoint installed, the speed download seems to be block around around 150 to 300 mb/s. Upload is correct. IF i uninstall it, then the speed go back to normal with around 900 mb/s. Tests…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • High CPU load resulting in CAD application slowing down massively

    N Bishop
    N Bishop
    One of our customers is experiencing massive performance issues (slow downs and sometimes freezes) while working with Autodesk AutoCAD (2022). The CAD files he's working on are stored on a network share and he usually has about 3-4 open at a time. …
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • PUA files download

    Endpoint User
    Endpoint User
    Dear development team, A PUA has been detected, but the filename or hash does not provide details. I want to restore the file to check the details, but I cannot restore it unless I allow it from the event on the device management screen. It is dangerous…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2237.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    fariz@TA
    fariz@TA
    We getting this alert few days ago. Can somebody help me to understand it legit or not? Thank you in advanced. Endpoint Type: Computer OS: Windows Device: HoKahMunNB Ransomware: uid: 0bcd57bb-ee99-4a28-b0d0-ec76291e25f4 family_id: 8f45804d…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • SQL Exclusions Intercept X

    sohand
    sohand
    Hey there New to Sophos so before i go installing on server running SQL (NOT Clustered) do i need to create any exclusions policies or is intercept x smart enough to do i on its own? if there are policies i need to create can someone guide me through…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • View related content throughout Sophos Endpoint
  • More
  • Cancel
<>