How can we test the IPS?

Hi William,

Excellent question. I will post an article on how to test IPS later today.

Vince

See https://community.sophos.com/products/intercept/early-access-program/f/recommended-reads/116135/how-to-test-ips for how to test IPS.

What about if the test doesn't trigger any detection?

I've disabled the windows firewall, tried the script both without argument and in server mode.
I can see the connection coming in like "nc" style on the sever side. No alert on sophos endpoint

The version installed is:

Thanks

Hi Fabio, that is really weird. You seem to have to correct Core Agent version. 

There are two obvious things we can check:

• Has the machine been added to the list of devices that are participating in the EAP? (if that screenshot is from the client that doesn't do the detection, then that seems to be the case)
• Are you sure you have not switched off the IPS setting?

Vince

Hi Vincent,

the machine was added to eap list of machine partecipating. I though the "BETA" version in the core agent line was exactly stating that.

The screenshot has been taken exactly from that machine. why are you saying "if that screenshot is from the client that doesn't do the detection, then that seems to be the case"?

The ips feature was not changed as tamper protection is in place. Anyway, I've checked and it appears to be in place.

BR

fabio

Hi Fabio,

Thanks for your answer!

As for the IPS setting, I was referring to the setting in Central. It is possible you've disabled it here:

I will check what we can do, and will come back to you.

Vince

Hi Vincent,

that make sense but unfortunately that's not the problem:

Any other idea?

br

fabio

Hi Fabio,

I've sent you a PM.

Vince

Hi Fabio,

Please can you advise which OS you are running on the machine in question?

Regards,

Stephen

Hi Stephen, sure. Here it is:

BR

Fabio