A multi-year endeavor in the making, the rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite of functionality that touches nearly every aspect of Intercept X and delivers multiple benefits to customers. 

  • Reduced footprint 
    The new architecture significantly reduces the size of the Intercept X agent (memory footprint, services and drivers), while continuing to deliver the incredibly broad feature set that is crucial for stopping the latest threats 
  • Smaller updates 
    Enhancements to the update delivery mechanism mean that the vast majority of updates will be smaller in size, resulting in reduced bandwidth consumption and less disk space consumed on update cache servers 

Customers running the Endpoint Features Early Access Program will have seen these changes throughout the year - we will soon start to rollout this updated agent to all devices. 

Starting in the new year we will make a change to devices running Core agent 2.20.10 that will remove the SAV component and migrate to a new updating infrastructure, SDDS3.
Note: A device running 2.20.10 will not guarantee this change has been made. There are a number of ways to check if a device has been migrated to the new architecture the easiest is to see if the Sophos Anti-Virus component has been removed. This can be done directly on a device, or via Sophos Central by looking at the Component lists for devices.

The new updating URLs are already included in the Central Help documentation here: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DomainsPorts.html
The new URLs are https://sdds3.sophosupd.com/ & https://sdds3.sophosupd.net

Note: As we are removing the SAV component you should update any 3rd party integrations that you have that look for the presence of SAV on a device to indicate a protected client. 

  • As will the savonaccess file system filter driver, swi_callout and sdcfilter driver. It’s all good news.

  • Hi Andy,

    No, the changes will not be made at once; registry keys are set that will take affect following a reboot. This is not required, a device will continue to run in its fully protected state with the current architecture until a reboot. 

  • Hi Stephen, thanks for your response. So once you enable this feature will individual devices receive this at their next 60 minute update interval? Kind of hoping my 300+ Server VM's wont try to make these changes all at once during core business hours.



  • Hi Andy, no Controlled Updates allows you to manage the agent release to your devices; but once we have released 2.20.6 or later to the devices we then control the enablement of the new architecture. 



  • Will customers still be able to manage this change via Controlled Updates feature? Once we have 2.20.6 installed will there be a further trigger via Controlled Updates so that we can manage these changes on all devices?

    Can anybody who has tried the new EAP client comment on likely reduction in Memory Footprint please?