• Sophos InterceptX Advanced EP

    Nyein Chan Zaw
    Hi all, I would like to know one thing: can Sophos InterceptX Advanced EP skip scanning the items below? > Some folders/files on the server that we don’t want to scan. (File type is x.raw and other proprietary formats.)
    • 6 months ago
    • Sophos Endpoint
    • Discussions
  • File/Folder-Exclusion-Rule for multiple filetypes in specific directory

    N_M
    Hello, I would like to add a File-Exclusion rule for multiple filetypes and one specific path. Do I need to add multiple exclusions for each filetype or can I just create one rule for all? Here is an example: "C:\Test\Folder\*.txt,*.zip,*.abc…
    • Answered
    • 6 months ago
    • Sophos Endpoint
    • Discussions
  • how to exclude application from HMPA DLLHijackGuard

    LHerzog
    We have an application that is found safe from Sophos Labs Team. How would I exclude it in Central? I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck. Mitigation DLLHijack Policy…
    • Answered
    • 7 months ago
    • Sophos Endpoint
    • Discussions
  • Endpoint Detection Exclusion Query

    ptho
    Hi Sophos, We are receiving what we believe to be false positives with a piece of software at use in our organisation. This software is triggering an event on the affected device for 'DynamicShellcode'. I understand that I can go to this device…
    • 7 months ago
    • Sophos Endpoint
    • Discussions
  • Lockdown while saving MS Office mail attachments on share: C:\Windows\SysWOW64\rundll32.exe

    LHerzog
    Users received legitimate Word files via Outlook. When received, they opened and edited the attachment directly (explains the AppData\Local\Temp\NDFCE93.tmp filename) and then, while saving the file on the Windows Server SMB file share, their Sophos…
    • 8 months ago
    • Sophos Endpoint
    • Discussions
  • WIN-PROT-HMPA-MALWARE-CRYPTOGUARD

    Silvio Bittner
    Hello Community, This message appears on a file server, with the associated IP address that is said to have carried out the attack. CryptoGuard detected a ransomware attack from 192.168.X.X (client ip) The client shows the same thing, but nowhere is there…
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1 - Adobe Creative Cloud

    Jonas Stadler
    Hello everyone, Is anyone else getting "High-Risk" detections "WIN-INI-PRC-NODE-SPAWN-SUSP-PROCESS-1" from Adobe Creative Cloud? "parent_path": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe" SHA256( node.exe) : 17fd75d8a41bf9b4c475143e19ff2808afa7a92f7502ede731537d9da674d5e8…
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Endpoint - Threat Detection - SSL inspection active - invalid date

    JustinMilne
    Leap year bug guys? Seeing more and more reports of Browser warning NET:ERR_CERT_DATE_INVALID. It's the Sophos Endpoint RSA Root with a date of 1/1/1601. Meaning it's the SSL/TLS Inspection feature - turn it off and the problem goes away... Ouch!
    • Answered
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Block Generative AI

    Onur Akcay
    Hello, I want to block generative AI using Sophos antivirus. I've checked the application control and I couldn't find anything. Do I have to use FQDN for all of them or is there any basic way to do so? Regards.
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Cloud sandbox support in Sophos Intercept X EDR

    Gokul S
    I am interested in Sophos Intercept X EDR. I cannot find the details regarding presence of cloud sandbox facility in EDR. Does EDR have cloud sandbox facility in it? Thanks in advance.
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • What version of Sophos contains sophosinterceptxcli.exe? I have to scan a single file.

    Michael Leonetti
    Hello! New to this forum. We have the Sophos Agent here on all of our servers. I need to use the agent to scan a single file on the CLI and output whether or not it is infected. I need to do this in C# that's why I was looking for the CLI app. But I…
    • Answered
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Intercept X / Scan Report after Full Scan

    Lutz Radtke
    Hello everyone, we have been using Intercept X in the Sophos Central Cloud for some time. Here we need the ability to view a log file or a report after a self-triggered “full scan”. This was possible in the old onPrem Sophos and client. In the Intercept…
    • Answered
    • 9 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos AMSI Protection Logging - Turn Off

    Jerome Nillasca
    Dear All, Hope you are all doing well. I have a question regarding AMSI Sophos Protection. Is it okay to turn off AMSI logging? Turn off AMSI logging to resolve compatibility issues – Sophos Home Help Since we upgraded our workstations to Windows…
    • 10 months ago
    • Sophos Endpoint
    • Discussions
  • Disable automatic cleanup of PUA

    Lukas_lzs
    Hey there. I know this question has been asked a few years back, but I hope there is an update to this. I deployed Sophos CIXA on my PC and it started automatically deleting some of my trusted software I use as a network technician. The files…
    • Answered
    • 10 months ago
    • Sophos Endpoint
    • Discussions
  • SOPHOS and Hanwha camera servers with Windows OS.

    Sid Wallace
    I am the admin for quite a number of Hanwha camera servers. Several in particular are in a school system. Once our servers were installed, unknown to us, they deployed SOPHOS on the servers. Now we are seeing numerous crashes, lockups, packet losses and…
    • 10 months ago
    • Sophos Endpoint
    • Discussions
  • Licensed XDR with NDR sensor?

    Andre Soares
    Hello, We have the Intercept X Advanced with XDR license, will we need a new license if we want to implement the NDR Sensor or does our license already include this sensor? When will it be released? Thanks André Soares
    • 11 months ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint - Cryptoguard Log Location

    Kyle Gibson
    My employees accidentally cleared an alert in Sophos Central for a ransomware attack. Doing so erased all the detail information (file locations, etc.). Can someone point me to the log location so I can get that information from the log?
    • 11 months ago
    • Sophos Endpoint
    • Discussions
  • Exclude Threat Detection "TA0005 - Defense Evasion"

    Colsam
    Our SAP server’s backup process, that is using certutil.exe, is detected as a defense evasion threat. In details the detection is Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos keeps notifying c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Exec_28a (T1059.001) and Exec_6a (T1059.001)

    Matteo Vinti
    Hello Everyone, I have tried to search about this in the forum but couldn't find anything. My scenario is: XGS2100 Xstream protection + Endpoints with advanced Threat protection. I keep receiving these two alerts but I have tried to see what to do…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Cryptoguard detect ransomware in $programfiles\Sophos\Endpoint Defense\SEDService.exe

    LMSIIATO
    Hi to all, I'm confused about a cryptoguard detection, it seems they found ransomware on a component of sophos itself. id: {"type":3,"data":"10HWczOjodtRTCUtmJysJQ=="} family_id: a1e45bc2-168e-553c-f81a-5e712666d413 process_alias_path…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Manual PUA cleanup required: 'PsExec'

    Andrew Rouse
    Hey Everyone, Scratching my head over how to deal with this PUA as I can't find much information on it on the old Google box. The identified PUA is PsExec located within the ZIP WPJCleanUp. PsExec as well as WPJCleanUp are legitimate Windows resources…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Is it possible to exclude a process from data lake detections?

    Travis_Dadmin
    Good morning, We use Faronics Deep Freeze in our environment on shared-use PCs in classrooms and computer labs. We are experimenting with turning on data lake uploads to start using the threat analysis center, and the Deep Freeze detections are very…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • data exfiltration from server

    Ahmad
    Hi, I have installed CIXA for server on a few servers. On 3rd of AUG 23, a few of my servers in the LAN, upon which CIXA for servers was not installed, got hit by ransomware; file extension became gasprom. I also have XG 310 at gateway level and turned on ATP…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Since the 28th of October I've been getting a message stating a scan will start. I perform a scan and nothing is found but every day I get this message.

    Malcolm McFarlane
    Sophos Home, Since the 28th of October I've been getting a message stating a scan will start due to ransomware detected a few days ago. I perform a scan and nothing is found but every day I get this message. The file mentioned in the history is, C…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Network threat Protection - Blocking PowerShell Login to MS Compliance search via the Localhost browser address

    jp_2006
    Open PowerShell 7. Connect-IPPSSession -UserPrincipalName User@domain.com. MS login process starts by trying to open a browser window with a localhost address and a random port. The connection is refused and the login process to MS stops. localhost…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions