If we had auto-isolate on we would have had hundreds of calls and have had to make hundreds of site visits to remediate. In other words, you might look at Task Manager or TCPView and say "Well, nhttp is running, so the problem must be something else," but in actuality it is the nhttp.exe for a local Domino server instead of your Notes client. Also have a majority of computers across multiple customers go into red status because Endpoint falsely called a Java update malware. testing, it is also important to make sure you are looking for (or at) the correct nhttp.exe task. I think the auto-isolate feature is great, until a false positive happens like this. Why can't we just resolve this from Sophos Central? Why isn't there the same button there? It's completely insane to require an onsite visit to every computer affected by this issue, and there are a lot, if we used the auto-isolate feature. So we have to travel to a site, log on to the computer (in my test environment I couldn't even log on without unplugging the network cable, as it "couldn't find the domain controller"), and then get the tamper code, log into the Endpoint software, and click Resolve. On top of it all, there's no Sophos Central remediation for this. Oddly, swi_fc.exe is a Sophos product, part of Endpoint, and if you have computers auto-isolate on red status they will go into isolation because of this. I'm seeing this on a number of computers too.