Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Jacobsa last won the day on January 28 2019

Jacobsa had the most liked content!

Community Reputation

18 Good

1 Follower

My Information

  • Location
    Sydney, Australia
  • Agent Count
    3000 - 4000 Agents

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hey mate, so what issues you having with Sophos deployments when you say you need to fix them? We have the same if not more endpoints and are not seeing them fail, so keen to know what you are seeing. In regards to the suspicious health status, where are you seeing that? Do you mean within Sophos Central or on the endpoint itself? We are just starting to look at options now. Ben Verschaeren has put some stuff up on Git here to interface with the Partner CLI. https://github.com/0xBennyV - @Gavsto tagging you just FYI as well in the event you wanted to play with the Central API.
  2. I had to build this up for a client a while back, they dont use it anymore so I cant give live advice, but have a look here: https://forums.connectwise.com/community/f/connectwise-automate/41642/virus-scan-configuration-for-carbon-black-cb-defense
  3. If it helps, we took the approach of just deleting the Defender definitions. We use sophos, so if only Defender is there and not sophos, then we consider that as missing AV.
  4. Holding back a month would be a solid theory if they didnt release bugs into every single release and then take three to six months to fix them. Its a vicious circle the current patch model. I'd still love if they would adopt the Manage model and get their releases right quarterly then fix the bugs in-between.
  5. Hit up the agents table in the database. Filter on what you want to remove and bin them.
  6. You ever get to update this @markwiater
  7. Cheers bud, that fixed it up.
  8. Any chance you can post that as a file? Copying and pasting is giving errors, and I think its the formatting coming from the forums.
  9. Hey there, great looking plugin. Is this able to handle local accounts on machines? For example the creation / password rotation of a local user account on all workstations?
  10. Perhaps a remote powershell monitor using get-winevent you will be able to filter down to what you want and only look back xx number of hours or minutes for the event. For example you could play with this to suit your needs. "%windir%\system32\WindowsPowerShell\v1.0\powershell.exe" -command "& {$evtFilter=@{'StartTime'=$([datetime](Get-Date).AddHours(-24)); LogName='Application'; ID=(1511);}; (Get-WinEvent -FilterHashTable $evtFilter -MaxEvents 1 -EA 0 | Select-object -Property * | out-string).Trim()}"
  11. Love the drive models for SSD's. If anyone has any others they know of, keep em coming!
  12. I went from v12 p10 to 2019.1, havent had any .Net issues or needed to factor anything around .net, so whatever I had on my agents before that patch was fine on that patch after. That said, just hold off p12 or 2019.1 for now. 2019.1 is stable, but 2019.2 is just around the corner and you will absolutely want to wait for it.
  13. Thanks for this Ian. Identifying things like this and releasing workarounds to the community make all the difference rather than waiting months for it to come through in a patch, so I just wanted to take the time to say thanks and if more things like this can be done for known issues, it will change the perception of 'ticket logged, see something in a few months hopefully'. So once again, thanks. Very much appreciated.
  • Create New...