Auto unblock randsomware in Sophos Cemtral

Hello Bedrich,

Thank you for reaching out to the Sophos Community. 

There has recently been an EAP announced that includes updates for InterceptX. 
- Intercept X updates in the Early Access Program

The EAP announcement details the ability to change the options from "Isolate" to "Terminate Process." Let me know if this is the functionality you were looking for. 

Hi Kushal, I see this functionality  : This setting only applies to servers you add to the New Server Protection Features EAP. Join the EAP now

But I don't know meaning of this items

Terminate process - block  process, but   CryptoGuard unblocked process C:\Users...... after 8 hours without adminstrator's action

Isolate process - what happends after 8 hour without adminstrator's action?

Thanks

I was able to get some clarification on this point. It looks like the options to change "Isolate vs Terminate" will only be relevant for Local Cryptoguard detections.

Remote Cryptoguard detections will continue following the same behavior in blocking the IP for a period of 8 hours. It looks like it’s not possible to change this.

I was able to get some clarification on this point. It looks like the options to change "Isolate vs Terminate" will only be relevant for Local Cryptoguard detections.

Remote Cryptoguard detections will continue following the same behavior in blocking the IP for a period of 8 hours. It looks like it’s not possible to change this.