Self Help extra resources
Should you choose to handle the Active Incident on your own, we have provided some helpful articles to get you started. Sophos Support can help with questions you may have about the content of these articles, troubleshoot product issues, and provide guidance on product best practices.
Important
Remediation, Root Cause Analysis and Forensic Investigations fall outside of what Sophos Support offers.
Policy
- Sophos Central Endpoint: Recommended settings for Threat Protection policy
- Sophos Central Server: Recommended settings for Threat Protection policy
Sample Submission and False Positives
- How to submit samples of suspicious files to Sophos
- How to submit spam and false positive spam samples to SophosLabs
- How to investigate and resolve a potential False Positive or Incorrect Detection
Ransomware reading
- Remediation Script for WannaMine infection
- How do I remove ransomware
- Ransomware: Recovery and removal
- Ransomware: Information and prevention
- How to resolve multiple detections for CXmal/Wanna-A, Troj/Ransom-EMG, HPMal/Wanna-A
Windows patching and vulnerabilities
- How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010
- How to list all of Windows and Software Updates applied on a computer
How to investigate generic detections
Specialized detections
- Sophos Endpoint: How to resolve malware detection on pagefile.sys or hiberfil.sys
- Sophos Intercept X: How to deal with CredGuard Detection
- How to Investigate Malware
Emotet and Trickbot
Coin miners
Community reading
- Decoding Malicious PowerShell Activity - A Case Study - Blog - Malware Questions - Sophos Community
- Lemon_Duck PowerShell malware cryptojacks enterprise networks – Sophos News