Noob questions on Sophos Central and Endpoint

Hi

Installed Sophos Central with Endpoint with a view to implementing it for central IT control of PCs, from an antivirus, DLP and hardware control perspective, to replace a couple of products currently in use (and overlapping) - but having some issues :)

1 - I can see how to deploy Sophos remotely (scripted install) - how can you officially remove it?

2 - How often do web violations reports get updated - I visited blocked sites, got local notification, Sophos Central showed alerts in device, but no report update for 30m or so, and no alerts?

3 - For DLP - I want to create rules to block documents with certain content (which works OK) - but don't want the user notified of the block, just silently block and the app or whatever errors due to lack of access (if blocked), or just reported to console - is that possible? (I can suppress virus alerts, just not DLP, and I don't want virus alerts suppressed!)

4 - Blocking USB storage works, and it logs in console, but not able to get email alerts? 

5 - Any way to alert/email on website violation or is it report only?

Considering I've gone to 101 blocked websites, downloaded multiple PUPs and viruses, and tried to upload blocked documents, and stuck in blocked memory sticks, I'm not getting email alerts that are warning me?

Am I missing something?

 

(Competing products can show/hide client notifications for each event, log to a report, and email/alert any specific event instantly)



  • 1 - If you have Tamper Protection enabled and you need to remove it, you'll need physical access to the machine, at least in my experience, because disabling tamper protection from Central works, but when trying to remove the applications I have always had to boot into safe mode, change 4 registry keys and reboot, then uninstall the product. Your mileage may vary.

    2 - By default you get 1 type of alert per 24 hours. You have to go into the notifications setting and change the setting to allow more notifications.

    3 - You can change the message in a policy by scrolling to the bottom of the screen and unchecking the notification. This will suppress the message and the user shouldn't see anything.

    4 - I have never received an email alert on a blocked USB device. They changed their email notification settings to really only alert on viruses detected and nothing else, unfortunately.

    5 - Due to #4, I would bet it's report only.

    I unfortunately have not received email alerts except for the occasional "The network protection service has stopped running" on a computer, or that Sophos was installed and failed to protect it fully (usually just requires a reboot).

    I will go back into the settings to mess around, but the email functionality isn't customizable really.

     

    -Nick

  • Thanks for taking time to reply

    1 - Managed to uninstall by script using KB article - so that's OK - though 2 days later console still has green tick lol

    2 - Thx

    3 - Doesn't work - the notification is turned off there and it defaults to default message

    4/5 etc - Hmmm.  It's so close to being great and reportive, but in an environment where they want instant notification if a document tries to leave the building or someone inserts a USB - the annoyance is Sophos *could* do it, but for whatever reason doesn't!

     

    Grr

  • There are some changes to Alerting in Central right now.

    https://community.sophos.com/kb/en-us/132192

    Did you already read this KBA?
