1 Overview
Sophos Endpoint works as antivirus software. In addition to its main security features, it also provides tools to control and manage the user's machine. Live Response is one of the newly launched features of Sophos Endpoint. Today, thegioifirewall will introduce its main capabilities and give a guide to using Live Response, a recently released feature that is being used more and more.
Live Response is part of the Sophos Endpoint search and support group. Together with Live Discovery, Live Response allows you to detect and prevent attacks against your devices through Sophos Central. Live Discovery uses an interface like the CMD program, so you can control remote clients by executing command lines.
2 How to use it
We turn on the Live Response feature by performing the following steps:
Go to Overview > Global Settings > Endpoint Protection > Live Response.
Here we want to control the Endpoint machine, so we choose the Endpoint Protection item.
Enable the Live Response feature to turn it on for all devices. Use the exclusion section to exclude machines on which we don't want to turn on Live Response.
Start a Live Response session. Go to the device you want to control and select Live Response.
Fill in the description for the new session you want to create.
The Live Response interface appears and we work with the client machine through the CMD command line. Here, I list the running tasks on this client with the tasklist command. You can close running tasks with the taskkill command.
After the operation is done, we click End session at the bottom to end the Live Response session.
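The tasklist and taskkill step described above, written out as commands typed into the Live Response terminal. This is an added example, not part of the original post; the image name suspicious.exe and PID 4321 are constructed placeholders.

```bat
rem Added example: inspect and stop a process from the Live Response terminal.
rem suspicious.exe and PID 4321 are constructed placeholders.

rem List all running processes with user name, session and window title
tasklist /V

rem Narrow the list to a single image name
tasklist /FI "IMAGENAME eq suspicious.exe"

rem Check which services are hosted in the process before stopping it
tasklist /SVC /FI "PID eq 4321"

rem List the modules (DLLs) loaded by the process
tasklist /M /FI "PID eq 4321"

rem Stop the process and any child processes it started
taskkill /PID 4321 /T /F

rem Confirm that no process with that PID is left
tasklist /FI "PID eq 4321"
```

Every command typed in the session is recorded in the session audit log covered in the next section.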
3 Check log
We can check the Live Response log as follows:
Go to Logs & Reports.
In the General Logs section, click Audit Logs.
The log table shows the time of each session and the person who performed it. You can view the commands that were run by clicking the See session audit log entry.
Click Download session log to download the log file.
So we have successfully used Sophos Endpoint's Live Response feature. See you in the next posts.