Same issue as of 10.6 update. Sophos support stated we can clear the check box for "Detect malicious behavior" to stop this traffic. This does not seem to be correct, as this setting is already disabled in one of our A/V policies, yet we are seeing traffic coming from those endpoints. For now, we have elected to stop the new Sophos service on the endpoints until we have a way to disable this via Sophos policies.