We have created a custom query to allow us to find specific file names and path on any system within our tenant. SELECT file, path FROM sophos_file_journal WHERE file LIKE '$$Filename$$'; This is very temperamental, as it will sometimes return a result…

I've seen a few posts already about this but nothing in recent years. I've turned on Application policy to try an prevent misuse of PowerShell and other tools. However its raised a large number of regular (hourly) alerts on most of the endpoints. Suggests…

Hello everyone, yesterday I saw for the first time an entry at "Web Threats Blocked". It shows me that a "High Risk" website was blocked. But sadly in this overview is not date and no information what website exactly was blocked. Is there an option…

Sophos no deja entrar a mis usuario a una pagina de gobierno ( egob.finanzas.cdmx.gob.mx/.../a ) porque una aplicación que usa la categoriza como "Mal/HTMLGen-A". Ya puse la pagina en una whitelist y nada.

The detections section in Threat Analysis Center is filling with many of these events caused by MDR checks. SRP seems to be related to Microsoft Software Restriction Policies. What is the intension of this check? "COMPLIANCE-SRP-DISALLOWED-PATHS…

I would like a setting from Sophos central to have block Bluetooth but only connect Bluetooth headphones which only transmits 2-way (in and out) audio but no data or file sharing. It is Possible or not...? If it possible then please guide me...!

Hallo, gibt es eine Möglichkeit eine Liste der Peripheral des jeweiligen Central Accounts zu erhalten um zu sehen, wann welche Peripheral zuletzt benutzt wurde, bzw. welche gar nicht mehr genutzt wurde? Der Peripheral Report zeigt leider nur die letzte…

Is anyone else noticing issues with SSL inspection recently? we've just had the new core agent 2023.1.0.73 deployed on our estate and seeing a vast amount of websites being blocked 'the encryption used by this server hosting the URL is insecure' downgrading…

hi all, is there a way of disabling tamper protection via cmd ie once i have the number via sophos central can i make a cmd bat script and disable it thanks, rob

Hi team, Is there any option to control (Block) Network storage services(NAS). And to block users using local Hardisk to store the data(Only store the data in MicrosoftOndrive) - To block internal harddisk. kindly help me to achieve above things.…

Hello All, I have been trying to create custom queries in Sophos Central for finding IoCs (SHA1 and SHA256). Can you please help me build query for the same? Regards, Jenil

I upgraded my subs to XDR and looked to following video: https://vimeo.com/519661823 Unfortunately I do not see tables mentioned there like: Data Lake hydration queries query result List all EP and XG FW Tables Windows programs Inventory search…

I have mixed Mac and Windows environment. So far I scheduled weekly two queries: Pending macOS updates Data Lake Pending Windows updates Data Lake Do you have any other recommendation what makes sense to run using the schedule ?

Hello, Just upgraded my license to XDR and now under detections I see many level 4 warnings like: SRP path rules missing. Secure boot supported but not enabled. DEP is not Admin Opt-out or Always-on. Applications with special compatibility…

Hello, i want to block drive services (google drive, yandex, cloud etc.) I've already blocked them on my firewall but when user connects to another network, user can still use drive services. Is there any way to prevent user to use drive services…

Hi team, Help us to get report in Web control policy violators with username and categories. Is it possible?

Hola comunidad, Tengo la siguiente duda: ¿Es posible que desde Sophos central se bloquee el servicio de impresión por red? Gracias por su ayuda.

Hi We have Sophos Central in our environment. Peripheral Control is enabled everything works as it should however we are unable to update create or delete files on our peripheral devices. Is there perhaps a setting that we could change to help solve…

Hello, We use the usb device blocking option on the endpoints. We have quite a few Samsung mobile phones in our company. Unfortunately for these Samsung mobiles I don't see an 'Instance ID' in Sophos Central. I only see 'Model ID'. I connected several…

How do I obtain Tamper Protection Password for an endpoint not showing in Sophos Central?

How can I block Tiktok in web control?

If a Lap is encryped bitlocker, using Sophos Central, if we reset the Laptop through windows, is it safe to dispose of the HDD?

If a Laptop is encrypted through Sophos, and the laptop is then reset and wiped, is the har drive safe to dispose of?

Hi We have had a few users events kick in with the following order type Whilst we cannot find anything untoward on the device or the endusers' activitiy, we have seen the above steps replicated across about 3 other devices, different dates, and…

Is there any option to block the downloads (all the files) from browser in Sophos endpoint security.