Sophos Intercept X For Server




If you have an Intercept X Advanced for Server license, you'll see options in your threat protection policy in addition to the standard Server Protection options.


Intercept X is managed via Sophos Central, the intuitive cloud-based platform for all your Sophos solutions. It’s one console to manage your endpoints, servers, mobiles, firewalls, and more. Microsoft uses siloed management tools for its security solutions, necessitating the use of multiple consoles to manage protection, detection, and response.

Runtime Protection

Restriction: You must join the Early Access Program to use some options.

Runtime protection protects against threats by detecting suspicious or malicious behavior or traffic on endpoint computers.

  • Protect document files from ransomware (CryptoGuard): This protects document files against malware that restricts access to files and then demands a fee to release them. You can also choose to protect 64-bit computers against ransomware run from a remote location. You can choose what action you want to take if ransomware is detected. You can terminate any ransomware processes that are running, or you can stop any ransomware processes from writing to the filesystem by isolating them.
  • Protect from master boot record ransomware: This protects the computer from ransomware that encrypts the master boot record (and so prevents startup) and from attacks that wipe the hard disk.
  • Protect critical functions in web browsers (Safe Browsing): This protects your web browsers against exploitation by malware.
  • Mitigate exploits in vulnerable applications: This protects the applications most prone to exploitation by malware. You can select which application types to protect.
  • Advanced exploit mitigation settings:
    • Prevent credential theft: This prevents the theft of passwords and hash information from memory, registry, or hard disk.
    • Prevent code cave utilisation: This detects malicious code that's been inserted into another, legitimate application.
    • Prevent APC violation: This prevents attacks from using Application Procedure Calls (APC) to run their code.
    • Prevent privilege escalation: This prevents attacks from escalating a low-privilege process to higher privileges to access your systems.

    We recommend testing these settings before you apply the policy to your servers.

  • Protect processes: This helps prevent the hijacking of legitimate applications by malware. You can choose to:
    • protect against process replacement attacks (process hollowing attacks).
    • protect against loading .DLL files from untrusted folders.
  • Enable CPU branch tracing: CPU malicious code detection is a feature of Intel processors that allows tracing of processor activity for detection. We support it on Intel processors with the following architectures: Nehalem, Westmere, Sandy Bridge, Ivy Bridge, Haswell, Broadwell, Goldmont, Skylake, and Kaby Lake.

    We don't support it if there is a (legitimate) hypervisor on the computer.

Deep Learning

Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures.

Remediation

  • Enable Threat Case creation: Threat cases let you investigate the chain of events in a malware attack and identify areas where you can improve your security.
  • Allow servers to send data on suspicious files, network events and admin tool activity to Sophos Central: This sends details of potential threats to Sophos. Ensure it's turned on in any policy for servers where you want to do threat searches.
    Note: You must have Intercept X Advanced with EDR for Server to use this option.
    Restriction: You must turn this option on in both Endpoint and Server Protection to use Intercept X Advanced for Server with EDR.

Components Updated

Components and their version numbers by release. The second column contains the latest release.
| Sophos Intercept X (Windows 7 and later) | 2.0.20 (February 2021) | 2.0.19 (January 2021) | 2.0.18 (October 2020) | 2.0.17 (May 2020) | 2.0.16 (November 2019) | 2.0.15.2 (September 2019) | 2.0.15 (July 2019) | 2.0.14.1 (July 2019) | 2.0.14 (February 2019) | 2.0.13 (February 2019) | 2.0.12 (January 2019) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| HitManPro.Alert | 3.8.1.504 | 3.8.0.523 | 3.8.0.523 | 3.7.17.321 | 3.7.15.446 | 3.7.14.40 | 3.7.13.1460 | 3.7.12.466 | 3.7.12.466 | 3.7.12.454 | 3.7.10.762 |
| Machine Learning Engine | 1.7.0.19 | 1.7.0.19 | 1.5.3 | 1.5.3 | 1.5.3 | 1.2.13 | 1.2.13 | 1.1.202 | 1.1.202 | 1.1.202 | 1.1.202 |


Other release notes

You should also read the Sophos Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.


For information about the changes to the Sophos Core Agent, see the Sophos Core Agent release notes.


For information about the changes to Sophos Endpoint Advanced, see the Sophos Endpoint Advanced release notes.


For improvements and new features in Sophos Central, see What's new in Sophos Central.