Hi all,
We are releasing a new policy setting to all customer on the w/c 2nd November, 'Track Network Connections'. This will be in the Advanced Settings section of the Threat Protection policy
We plan to enable this new feature gradually over four weeks; it will help our detection of malicious behavior by allowing our rules to monitor network flows. There is nothing you need to do for this enablement, however, if you wish to control its activation, you should disable the feature in policy. You can then control its activation as the next time it is set in policy, it will be enabled for devices which that policy applies to.
Indirectly; we record information about the start of TCP and UDP ‘network flows’ from an endpoint, for use with the features mentioned above
I agree with this!
Hi, does this track lateral network connections between endpoints?
Hi Vinita, the reboot notification is likely due to an Intercept X update, it will not be related to this change - this is a policy change only The settings are in the Sophos Central policy pages, there is no local UI policy for this
I just received a reboot notification on my desktop. How do I confirm this is the same information? Also, where do I find the Advanced Settings information as demonstrated above? I do not see this on my desktop user interface. Thanks.