Skip to content

FAQ: Sophos Endpoint Agent🔗

Tip

Additional Sophos Endpoint Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Is Sophos Endpoint Agent available to all customers?

Sophos Endpoint Agent for Windows and Linux is now generally available to all XDR tenants.

Which operating systems is Sophos Endpoint Agent supported on?

See Sophos Endpoint Agent Supported Operating Systems.

What potential scenarios may arise from running two XDR-supported endpoint integrations?

If you run Sophos Endpoint Agent alongside Taegis Endpoint Agent, Red Cloak™ Endpoint Agent, or third-party supported endpoint software (such as Carbon Black, CrowdStrike, or Microsoft Defender), and if the third-party integration is connected to Secureworks® Taegis™ XDR, you may encounter the following scenarios:

  • Duplicate Alerts: If two agents collect similar telemetry from the endpoint, this may lead to duplicate detections in XDR. You can minimize this impact by suppressing duplicate alerts.

  • Agent Performance: If Sophos Endpoint Agent is not safelisted in the third-party endpoint application, performance or compatibility issues may occur on the endpoint or host.

My antivirus product blocked Sophos Endpoint Agent. What should I do?

Antivirus products monitor systems for unusual modifications to the operating system or installed software. One example of such a modification would be Sophos Endpoint Agent data files created by its processes. Even though Sophos Endpoint Agent DOES NOT modify anything belonging to the operating system, some antivirus or malware protection products may consider modifications to Sophos Endpoint Agent’s own files as malicious behavior and block or stop the processes. We recommend that you exclude the following folders, which belong to Sophos Endpoint Agent by default, from antivirus scanning and/or add them to an allow list or safe list.

  • Windows:

    • C:\Program Files\Sophos\
    • C:\Program Files (x86)\Sophos\
    • C:\ProgramData\Sophos\

  • Linux :

    • /opt/sophos/
What are the recent changes in Sophos Endpoint Agent?

See Sophos Endpoint Agent Release Notes for version updates.

What network connectivity is required?

Please refer to Sophos Endpoint Agent Installation for connectivity requirements.

How often is new intelligence added to Sophos Endpoint Agent?

Continuously.

How do I get assistance with Sophos Endpoint Agent?

You can request product support for all issues not related to security detections (such as performance issues or unexpected issues) according to our Support Policy.