Sophos Server Protection for Linux - AV Plugin

What is the AV Plugin?

Building on the plugin architecture of the new Server Protection for Linux (SPL) agent, to provide On Demand AV scanning.

The AV plugin uses Machine Learning backed by SophosLabs to detect threats.

When will the AV Plugin be available?

The AV plugin is available now in both the 'New Server Protection and EDR Features' and 'EDR Data Lake - Server' Early Access Programs (EAP).

Once in the EAP you can choose to assign Server Protection to devices running the core agent (EDR/MTR) as shown below:

Top Replies

j0hnV over 2 years ago in reply to RaveNet +1

You might want to 1. Remove Sophos Linux Antivirus from those machines 2. Use the Linux EDR installer on those machines 3. Add Server Protection for Linux by using the Assign functionality, in the…

RaveNet over 2 years ago

Tried on SLES 12.5 and SLES 15.1, central shows error Product ServerProtectionLinux-Plugin-AV failed to install, yet when I check central installed components on these linux server endpoints it shows Sophos Linux AntiVirus 1.0.0.520
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
j0hnV over 2 years ago in reply to RaveNet

You might want to

1. Remove Sophos Linux Antivirus from those machines

2. Use the Linux EDR installer on those machines

3. Add Server Protection for Linux by using the Assign functionality, in the central.sophos.com/server/devices/servers[machine-id]/summary page of these machines, when the machines are assigned to one of the EAP's

Worked fine on RHEL7

“First things first, but not necessarily in that order” – Doctor Who
Cancel
Vote Up +1 Vote Down

Sign in to reply

Cancel
StephenMcKay over 2 years ago

Today we launch our Server Protection anti-virus plugin for all customers,
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
RaveNet over 2 years ago in reply to StephenMcKay

Is it realtime or still on-demand only?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
StephenMcKay over 2 years ago in reply to RaveNet

On Demand; via Command Line, Scheduled Scan or a Scan Now from Sophos Central.

https://community.sophos.com/intercept-x-endpoint/b/blog/posts/sophos-protection-for-linux---av-plugin
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
RaveNet over 2 years ago in reply to StephenMcKay

Ok, so I guess we wait for the capsule8 features to be integrated for this?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel