Browse Docs
ONLINE DOCUMENTATION

Excluding DefensX on Sophos Central

Overview

If users are reporting unexpected login prompts from DefensX and are unable to browse the internet until signing in, the issue may be related to interference from Sophos endpoint protection software. This document outlines the root cause, symptoms, and recommended steps to resolve the conflict.

Symptoms:

  • Users are prompted to sign into DefensX unexpectedly

  • Internet access is restricted until login is completed

  • Affects multiple users across different tenants

  • DefensX Agent was previously functioning normally

Root Cause

DefensX Agent rely on background processes and secure internet access to operate properly. Some versions of Sophos, particularly unmanaged or outdated retail versions, have been observed to block or interfere with DefensX processes after a period of time. In particular:

  • Sophos versions using 3-number formats (e.g., 22.x.x) consistently cause issues

  • Older 4-number versions (e.g., starting with 2023) may also interfere

Recommended Fixes

  • Ensure Proper Enrollment in Sophos Central

    • Verify that affected endpoints are enrolled in your organization’s Sophos Central portal.

    • Systems running consumer or unmanaged editions should be removed and reinstalled under managed control.

  • Update Sophos to a Supported Version

    • Use versions starting with 2024.x.x.x or newer to minimize compatibility issues.

    • Remove legacy builds that follow outdated version formats.

  • Add Exclusions for DefensX in Sophos Central

    • Login to Sophos Central

    • Navigate to: Global Settings → Global Exclusions

sophos central

  • In File or Folder Exclusion, add the full path to the DefensX Agent installation directory

sophos add exclusion

  • Select the Exclusion Type as File or Folder (Windows) and add the specific path of the DefensX software to the Value Section.

sophos folder

  • Click Add Another for the next step of selection for Website Exclusion.

  • In Website Exclusion, add relevant DefensX URLs and services (e.g., backend APIs, licensing servers)

sophos website

Click Save and ensure the policy applies to all affected devices.
Secure Industries, Inc 101 Avenue of The Americas, Floor 9 New York, NY 10013