  • chromedriver ransomware alert

    Jayesh Thakkar
    Hello, One of our machines is generating these alerts when user is trying to run automations on the chromedriver. It says ransomware detected. CryptoGuard trying to encrypt files. Can someone please assist or have experienced the same. Let me know what…
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • False positive for javaw.exe

    Reinaldo Flamino
    Hello, I am trying to install application from OpenSTM32 Community Site | HomePage (install_sw4stm32_win_64bits-v2.9.zip from download area) I have been using this application for years without issues. But the SOPHOS is indicating and blocking javaw…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Some HMPA rules are not yet found on SOPHOS. When will it be fully integrated?

    ong! L
    Some HMPA rules are not yet found on SOPHOS, such as: MalwareBlocked, StackPivot, ROP, CodeCave, CookieGuard, LockDown.
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Alert or log when application is elevated

    Erik Marschang
    Does sophos or is it possible to have sophos alert/generate a log when a process or application has been elevated? The scenario we have is, we have an application that has to run with admin privileges. The application has been saved to run with these…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • SOPHOS INTERCEPT X - PORT SCAN DETECTION

    ORLANDO GONZALEZ1
    Greetings very good afternoon community! I have a question. Is the endpoint capable of detecting and reporting a port scan? That it has been executed on the network and towards computers that have the Endpoint installed? I have seen that the Sophos…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\Sophos\Endpoint Defense\SophosCleanup.exe

    Lim Woei Kang
    Dear All, I'm facing CryptoGuard detected on sophoscleanup.exe: CryptoGuard detected ransomware in C:\Program Files\Sophos\Endpoint Defense\SophosCleanup.exe. Anyone encountered this issue before?
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Blocking/Warning compressed files - Intercept X

    Jonas Stadler
    Hello everyone, I am looking for an option to restrict the download of compressed files via Sophos Intercept X Advanced. In our XG 230 we set the filetype "Compressed Files" to "warn" and it works as desired. But we also have a few notebooks that leave…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • "Policy non-compliance: Exploit Detection" Alert disappears with no information of what was the cause

    Edward Burnside
    We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • [QueryCorner][March2023] Deep Diving into OneNote Attacks

    JeramyKopacko
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Index Purpose Prerequisites Query #1 - Live Discover - Check…
    • over 1 year ago
    • Sophos Endpoint
    • Recommended Reads
  • Protect Critical Functions in Web Browsers (Safe Browsing)

    Lee Wolstencroft Personal
    Hello, I have been asked by a customer if there is a document which thoroughly explains how 'Protect critical functions in web browsers (Safe browsing)' works but cannot seem to find anything. Does such a document exist? Thanks, Lee.
    • Answered
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    TareK
    Sophos Endpoint is detecting a CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe I am unsure of the reason behind this detection and would appreciate your help in resolving…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • PowerShell script to migrate Sophos endpoint protection from current Sophos Central to new Sophos Central

    IsmailJaweed
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This article describes how to create a PowerShell script…
    • over 1 year ago
    • Sophos Endpoint
    • Recommended Reads
  • Migrate from non-Sophos endpoint protection to Sophos Central endpoint protection.

    IsmailJaweed
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Phase 1: Prepare for migration. STEP 1 In this step, you…
    • over 1 year ago
    • Sophos Endpoint
    • Recommended Reads
  • Ransomware alert

    Sophos User1564
    We are hit with potential ransomware but it shows strange originating IP address. How can I figure out where it originated? CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Will automatic interception be added to SOPHOS detection mode MITRE ATT&CK in the future?

    Leung233 User
    Now this mode only has observation mode, I hope to add interception mode in the future, for example, if the high risk level exceeds a certain score, automatic interception will be triggered and threat chart will be automatically built
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • eicar_com.zip: cleanup aborted because on allow list

    LHerzog
    I downloaded Eicar in several versions and was confused about this event in the Sophos Endpoint. We do not have eicar on an allow list. Event on the endpoint agent: and in Central: In the documentation I found that zip files containing virus…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • Sophos Endpoint and Eset Disk Encryption Problem

    Rejep Annamuhammedov
    Hello everyone, I have a problem with eset full disk encryption, in my organization clients have sophos Intercept X Advanced endpoint, and when I start disk encryption with eset there are alerts by sophos hitman pro that does not permit for encryption…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Problem with Windows Firewall on machines with Sophos Endpoint Agent installed

    Junior User
    Hello there... I am facing the following problem: I can not ping nor access shared folders and similar protocols on computers with Sophos Endpoint installed with module "Sophos Intercept X" enabled, Windows Firewall feature enabled and Windows Firewall…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • [QueryCorner][October2022] Audit Application Control

    JeramyKopacko
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Endpoint and Server products all come equipped with…
    • over 2 years ago
    • Sophos Endpoint
    • Recommended Reads
  • [QueryCorner][October2022] Audit Peripheral Control

    JeramyKopacko
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Endpoint and Server products all come equipped with…
    • over 2 years ago
    • Sophos Endpoint
    • Recommended Reads
  • CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2237.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe

    fariz@TA
    We are getting this alert few days ago. Can somebody help me to understand it legit or not? Thank you in advance. Endpoint Type: Computer OS: Windows Device: HoKahMunNB Ransomware: uid: 0bcd57bb-ee99-4a28-b0d0-ec76291e25f4 family_id: 8f45804d…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • ROP exploit prevented

    fnanfne
    Hi I have the same issue as the users in this thread. https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • WipeGuard exploit prevented in Sophos Endpoint Defense Software

    LHerzog
    There is one client that does nothing else than reporting WipeGuard preventions. Even for Sophos Processes. What's the use of that feature and log? Initial Detection: WIN-MITRE-Behavioral-TA0040-T1561.002
    • Answered
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • safe browsing

    Guillermo Garcia
    I have a couple of computers that when downloading, it will stay at 100%. will not allow you to open the file/ will not open "Show in folder".... I can go to my downloads page and I can access it and run the download from there. So after so much troubleshooting…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos Protection for Windows: Automate deployment using Ansible

    subrata paul
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This article provides a high-level overview of deploying…
    • over 2 years ago
    • Sophos Endpoint
    • Recommended Reads