Sophos Anydesk Page

Two primary threats exist regarding AnyDesk:

AnyDesk is a legitimate tool used by IT professionals for remote support, but it is also frequently abused by attackers to establish or execute ransomware . Sophos has specifically documented cases where ransomware groups like "Mad Liberator" and "AvosLocker" used AnyDesk to bypass security controls by running in Windows Safe Mode. How to Block or Control AnyDesk with Sophos Firewall sophos anydesk

Sophos can safely coexist with AnyDesk. Don’t just disable Sophos – use application control, firewall allowlists, and AnyDesk’s own security to get remote access without the risk. Two primary threats exist regarding AnyDesk: AnyDesk is

This thread was automatically locked due to age. ... Hi, Please post a copy of your application policy. ... If a post solves your ... Sophos Community Show all The Insight: While AnyDesk is a legitimate tool for IT support, Sophos X-Ops frequently observes ransomware actors (like Akira or Rhysida) abusing it for lateral movement. The Risk: Threat actors often automate AnyDesk installations via silent command lines to maintain persistence in a victim's network. Action Plan: Monitor: Set up alerts in Sophos Central for any unauthorised remote access tools. Restrict: Use Application Control to block AnyDesk for all users except authorised IT staff. Secure: If you must use it, enforce Don’t just disable Sophos – use application control,