What is the AV Plugin?
The AV plugin builds on the plugin architecture of the new Server Protection for Linux (SPL) agent to provide On Demand AV scanning.
The AV plugin uses Machine Learning backed by SophosLabs to detect threats.
When will the AV Plugin be available?
The AV plugin is available now in both the 'New Server Protection and EDR Features' and 'EDR Data Lake - Server' Early Access Programs (EAP).
Once in the EAP you can choose to assign Server Protection to devices running the core agent (EDR/MTR) as shown below:
Tried on SLES 12.5 and SLES 15.1. Central shows the error "Product ServerProtectionLinux-Plugin-AV failed to install", yet when I check Central's installed components on these Linux server endpoints, it shows Sophos Linux AntiVirus 1.0.0.520.
You might want to:
1. Remove Sophos Linux Antivirus from those machines
2. Use the Linux EDR installer on those machines
3. Add Server Protection for Linux by using the Assign functionality on the central.sophos.com/server/devices/servers[machine-id]/summary page of these machines, when the machines are assigned to one of the EAPs
Worked fine on RHEL7
“First things first, but not necessarily in that order” – Doctor Who
Today we launch our Server Protection anti-virus plugin for all customers,
Is it realtime or still on-demand only?
On Demand; via Command Line, Scheduled Scan or a Scan Now from Sophos Central. https://community.sophos.com/intercept-x-endpoint/b/blog/posts/sophos-protection-for-linux---av-plugin
Ok, so I guess we wait for the capsule8 features to be integrated for this?