• Sophos FileScanner "SophosFileScanner.exe" spiking Up To 40% CPU Usage

    Nico Stark
    Hello Sophos Community, I manage the Sophos Endpoint Antivirus Solution + Sophos Central. We are currently using the Sophos File Scanner Version 1.10.7.73. The CPU Usage spikes drastically to 40% in a ten minute interval. Do you know any tricks to…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos indicates Malware at virustotal

    Björn Bertilsson
    When I made a scan using virustotal for the site haagtech.se I get a few red flags. Sophos is one of them. The scan looks different if I use my phone compared to a computer. On the phone Sophos has its own line, but on the computer it shares a line with…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Will automatic interception be added to SOPHOS detection mode MITRE ATT&CK in the future?

    Leung233 User
    Now this mode only has observation mode, I hope to add interception mode in the future, for example, if the high risk level exceeds a certain score, automatic interception will be triggered and threat chart will be automatically built
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • eicar_com.zip: cleanup aborted because on allow list

    LHerzog
    I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint. We do not have eicar on an allow list. Event on the endpoint agent: and in Central: In the documentation I found that zip files containing virus…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False threat detection, ransomware, on dotnet.exe

    James Komenda
    I have a large .net7 browser-wasm project that is published with AOT (Ahead-of-time) compilation and Sophos keeps flagging "C:\Program Files\dotnet\dotnet.exe" as a ransomware threat. The AOT process is linking and packaging a large number of files. Is…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Exploit Mitigation custom exclusion

    LHerzog
    How can I add a new custom application to the exceptions? This does not seem to help or it is not clear what will happen with the path that I add manually: I was looking for something like this: Need to add ROP exclusion for this not so…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Mal/EncPk-AAI

    Andre Soares
    Hello, intercept-x caught this event, I didn't find any reference. Mal/EncPk-AAI, the detection was in a legitimate program, is this a false positive? Thanks André Soares
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • how can we fix this.

    Carol Jenkins
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos disabled but still blocking files

    jt86
    I've whitelisted PSEXEC and I've disabled all the modules for Sophos Endpoint but PSEXEC is still being removed as it's recognised as a PUA. I've created a policy to whitelist this app on Central but nothing is applying. Anyone know how to get around…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint and Eset Disk Encryption Problem

    Rejep Annamuhammedov
    Hello everyone, I have a problem with ESET full disk encryption. In my organization clients have Sophos Intercept X Advanced endpoint, and when I start disk encryption with ESET there are alerts by Sophos HitmanPro that does not permit for encryption…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • CXmal/WebAgnt-A continuously intercepted by Sophos on Exchange Server 2019- How I can stop this?

    NOR ASMIRA BINTI MOHD NOR
    Hi, I keep receiving this notification on Sophos. So far, I'm running Exchange Server 2019 on VM Host. The error mentioned this path on C drive: inetpub\wwwroot\aspnet_client\nzkqhfcsjpl.aspx. The .aspx names are not consistent. I'm not receiving…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint realtime filescan on server causes high io write with $$$ files

    DuS
    Hello Sophos community, is anybody able to tell me why Sophos Endpoint needs a pretty noticeable amount of write io directly on disk? I can see the following in the server's resource monitor every minute, as soon as realtime filescanner service…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • What is this alert, how can we fix this.

    Ashish Koshta
    uid: 11153a4b-eb17-3ea8-e686-4e277003c638 family_id: 6eb3ff26-0e34-15a1-0f48-11e273784787 process_alias_path: $windows\explorer.exe process_name: Windows Explorer process_version: 10 thumbprint: 20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos and National Instruments Software

    Sophos User5832
    Hello - Does anyone have any experience with National Instruments software? The only way to get the product to work is to disable real time scanning, and that isn't an option. I have created exclusions for directories and processes to no avail.
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Endpoint maybe blocking ABBRobotStudio

    DanielSch
    Hello Community, I have a problem with some customer endpoints with using the program ABBRobotStudio. Robotstudio is just a software which is communicating with ABB machines and robots. After installing the Endpoint to the computers all computers…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • LINUX SYSTEM

    alvisn parker
    Hello, On a Linux system, I have installed the 'Server protection' installer. The filesystem should be scanned on-demand for specific directories. Is this product capable of doing it? My goal is to find something that performs the same function…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Endpoint slow down internet speed

    Louis
    Hello, We got a dedicated optical fiber 1gb Down/up. With the endpoint installed, the download speed seems to be blocked at around 150 to 300 mb/s. Upload is correct. If I uninstall it, then the speed goes back to normal with around 900 mb/s. Tests…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • High CPU load resulting in CAD application slowing down massively

    N Bishop
    One of our customers is experiencing massive performance issues (slow downs and sometimes freezes) while working with Autodesk AutoCAD (2022). The CAD files he's working on are stored on a network share and he usually has about 3-4 open at a time. …
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • PUA files download

    Endpoint User
    Dear development team, A PUA has been detected, but the filename or hash does not provide details. I want to restore the file to check the details, but I cannot restore it unless I allow it from the event on the device management screen. It is dangerous…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2237.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    fariz@TA
    We got this alert a few days ago. Can somebody help me to understand whether it is legit or not? Thank you in advance. Endpoint Type: Computer OS: Windows Device: HoKahMunNB Ransomware: uid: 0bcd57bb-ee99-4a28-b0d0-ec76291e25f4 family_id: 8f45804d…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • SQL Exclusions Intercept X

    sohand
    Hey there, new to Sophos, so before I go installing on a server running SQL (NOT clustered), do I need to create any exclusion policies, or is Intercept X smart enough to do it on its own? If there are policies I need to create, can someone guide me through…
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Exclude Behavior from Monitoring

    rfrutiger
    We have a print driver that does PDF conversion of your document then uploads to our printshop. Every time someone on a Windows computer uses this driver it is opening an investigation. When I look at the investigation I can see that the print spooler…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • fail recovery file

    wisarobo pratomo
    Hi guys, does anybody have experience in recovering files that have been cleaned by Sophos Intercept X? Actually I’m working on a POC right now and one of my client’s applications is suspected as a PUA; based on our Intercept X behaviour, the file will be recover…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • How to restore a threat file that has been cleaned up?

    Johnson Liu
    How to restore a threat file that has been cleaned up? (The self-developed program was considered a threat file, so it was cleaned up during the copying process.) How can I restore the file?
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • ROP exploit prevented

    fnanfne
    Hi I have the same issue as the users in this thread. https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions