  • Announcements: New Intercept X features now also blocking exploits on Server

    The same Intercept X features that protect your endpoints, and which are now also activated for the Windows Servers participating in the Server Protection EAP, are now also blocking exploits.

    While these features were active in terms of scanning for and detecting potential exploits, admins have not seen any threats blocked based on these mitigation types. After having run this on your servers in silent mode, we are now confident…

  • Announcements: Enhanced Protection EAP opening for Server

    We have opened up the Early Access Program to include Windows Server 2008R2 and later!

    For now, the same Intercept X and AMSI features as found in the endpoint will be available, with Intercept X initially only in detection mode, not blocking. (Update: Note that meanwhile these features are now also set to block exploits).

    The AMSI interface is available on Windows Server 2016 and Windows Server 2019.

    Versions

    Devices with…

  • Release Notes & News: New features available in Sophos Endpoint Self Help Tool

    Hi everyone, 

    There is a new set of features available in the Sophos Endpoint Self Help tool. Here's a link for FAQs regarding the Endpoint Self Help tool, and please follow the link below for more details: 

  • Release Notes & News: Sophos Anti-Virus version 9.9.6 for macOS released

    Hi Community,

    Sophos Anti-Virus version 9.9.6 for macOS has been released. This release has the fix for the below issues.

    1. Resolved an intermittent failure where web pages may fail to load.

    2. Improved memory usage when Threat Case creation is enabled.

    3. Resolved an issue with modified permissions on the man8 directory when using disk encryption.

    4. Improved support for macOS 10.15 Catalina when using MDM profiles…

  • Release Notes & News: Forensic Snapshots can now be uploaded to S3 Buckets


    Sophos EDR enabled devices are continually capturing data related to process, file, network and other system activity. EDR licensed customers have the ability to generate a forensic snapshot on demand where all activity being monitored is packaged up and made available so that customers can do a detailed analysis on this data. In the past, after a forensic snapshot was generated, admins would need to retrieve the snapshot…

  • Announcements: New Intercept X features now blocking exploits

    A few weeks ago we updated your machines in the EAP with four new Intercept X exploit mitigation types.

    While these features were active in terms of scanning for and detecting potential exploits, users have not seen any threats blocked based on these mitigation types. After having run this on your machines in silent mode, we are now confident to start blocking detections of these exploits.

    As a reminder, these are the…

  • Announcements: Enhanced Protection EAP extended with new Intercept X features

    Starting tomorrow, we’ll extend the Early Access Program for Enhanced Protection with some new Intercept X features for you to test. Four new mitigation options will be added to endpoints that are participating in the EAP. 

    All four new mitigation options can individually be switched off or on – but as with other EAP features, they’ll be on by default. However, you will not yet see any detections based…

  • Release Notes & News: Sophos Central - Sophos Anti-Virus version 9.9.5 for macOS released

    Hi Community,

    Sophos Anti-Virus version 9.9.5 for macOS has been released. This release contains improved support for macOS 10.15 Catalina.

    For more information, please refer to the release notes:

  • Release Notes & News: What's New in Central? - Sep/Oct 2019

    That's right, somehow I'm still employed here at Sophos (at least for now)! I'd like to thank the Web team for letting me know our blog supports GIFs and I'd like to apologize for not following your guidance to "use them sparingly". Let's just say there's a lesson to be learned here... Don't tell Greg about the nice things - he's not allowed the nice things.

    Did anyone know…

  • Release Notes & News: EDR Threat Indicators now Generally Available

    After enhancing the Threat Indicators feature since it was made available to Intercept X Advanced with EDR and Intercept X with EDR for Server customers in July, Sophos has now declared the feature Generally Available.

    Threat Indicators solves the #1 most requested feature for EDR users – knowing where to start an investigation.  Now admins will utilize a prioritized list of the most suspicious activity, so they…

  • Announcements: Intercept X Enhanced Protection EAP is now open!

    We are pleased to announce that the new EAP that introduces AMSI Protection and Malicious Network Traffic Protection (IPS) is now open.

    Check out the attached slides, or watch this video to find out how to join.

    For questions and feedback, please visit the Feedback and Issues forum

  • Announcements: Announcing Early Access for Enhanced Protection / IPS and AMSI

    Can the best get any better? We sure think so! Our teams have been working hard to add new protection focused features to Central Windows Endpoint & Windows Server. The Early Access Program is due to launch in late October, the full list of included products can be found later in this blog post.

    IPS

    Sophos Network Threat Protection just got better! We're adding Malicious Network Traffic Protection with Packet Inspection…

  • Release Notes & News: The EDR Threat Indicators feature is now live in Beta

    Customers of Intercept X Advanced with EDR and Intercept X with EDR for Servers will see a new Threat Indicators feature available in their Central Threat Analysis Center.

    Threat Indicators solves the #1 most requested feature for EDR users – knowing where to start an investigation.  Now users will utilize a prioritized list of the most suspicious activity, so they know what needs to be investigated and how urgently…

  • Release Notes & News: Intercept X Advanced for Server with EDR - Now available

    Intercept X Advanced for Server with EDR is now available. With this update we bring the EDR capabilities from our Endpoint Protection to Windows Servers.

    You can add EDR today to report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. 

    Existing Customers: You will be able to start a trial from the Free Trials section of Sophos Central in two…

  • Release Notes & News: Intercept X Advanced with EDR 1.1 now available

    Intercept X Advanced with EDR 1.1 is now available. With this latest update, EDR enabled devices will now start to capture and allow searching for the execution of good admin tools which can be used for malicious purposes. To begin with we’ll be supporting PowerShell executions and will look to add support for new admin tools over time. Analysts now have the ability to track down malicious executions that otherwise may…

  • Release Notes & News: Introducing Intercept X for Server with EDR

    All of the tasty EDR goodness you know and love from Intercept X Advanced with EDR is coming soon to Windows Servers. If you want to get a sneak peek, see here to get details on joining the early access program.

  • Announcements: Introducing Intercept X for Server with EDR

    After the closure of the Early Access Program (EAP) for our endpoint EDR capabilities we are happy to announce that we have commenced a new EAP giving access to Server EDR capabilities. Check out this post for more detail.

  • Release Notes & News: Early Access Program Release: Intercept X for Server with EDR

    Description:

    The new Intercept X for Server with EDR capabilities allow you to take charge of security incidents by answering the tough questions about an event, investigate with deep expertise, and respond with a click of a button. 

    Eligibility details

    Intercept X for Server with EDR is available on Windows Server 2008R2 and later

    How to enable the features

    Simply enrol in the Early Access Program and assign your Windows…

  • Announcements: Fakedrop - a quick and dirty testing and demo tool for EDR

    Fakedrop is a fake malware dropper to help you safely simulate some suspicious and malicious activity on Sophos Intercept X protected endpoints without fear of causing a malware outbreak. This also means the tool is only for use with our products and not competitors. The code is quick and dirty however it helps get the job done.

    It's designed to be run on one or more machines protected by Intercept X (with the Advanced with…

  • Announcements: Intercept X Advanced with EDR Early Access Program Closing Down

    On January 31st the Intercept X Advanced with EDR Early Access Program (EAP) will be closing down. From January 21st the EAP will be closed to new customer registrations and no new endpoints can be assigned to the Early Access Program for existing customers who have joined the EAP.


    What will the experience be for customers coming out of the Early Access Program on January 31st?

    For customers who had joined the Early Access…

  • Announcements: Best Practices for EDR Data Feed

    One of the key new features delivered in Intercept X Advanced with EDR is the ability to search across an endpoint estate for details on portable executable files that have an uncertain or bad reputation and the network destinations those files have connected to. This will search across all the data that has been sent back to Sophos Central but only from Endpoints that have Threat Protection policies with the ‘Allow computers…

  • Announcements: Intercept X Advanced with EDR Early Access Program Updates - December 2018

    Now that the Intercept X Advanced with EDR offering is now available for purchase, we wanted to provide Early Access Program customers some best practices for migrating from the Early Access Program to an Intercept X Advanced with EDR license for those who have made the decision to purchase.

     

    Migration Steps:
     
    1. Apply the Activation code for the “Intercept X Advanced with EDR” license on the Licensing page in Sophos Central…

  • Announcements: Intercept X Advanced with EDR Early Access Program Updates

    Another round of updates has been released as part of the Endpoint Detection and Response early access program. The latest new enhancements include:

     

    Threat Search to now support Network Events:

    The endpoint will be enhanced so that on top of tracking and sending metadata to Sophos Central on detected or suspicious portable executable files, it will also now start to track network connections to IP addresses and domains…

  • Announcements: Submit Your Files to SophosLabs and Win Prizes!

    Deep Learning Malware Analysis is now available as part of the Intercept X Advanced with EDR Early Access Program.  When clicking on a file you can now submit it to SophosLabs to receive the latest threat intelligence, driven by our deep learning malware analysis engine.  This exciting feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other…