
Intercept X with Security VM

Hi,

 

I'm implementing Sophos SecurityVM into an ESXi environment on multiple hosts. The documentation of Sophos SecurityVM states that this is a full Anti-malware, Anti-virus and Anti-spyware product.

My question is, is Intercept X included as part of this protection?

If I install the full Sophos Endpoint solution on all VMs individually, then we would get the Intercept X protection, but it seems this protection is not there with Security VM. If this is the case, what is the advantage of SecurityVM over the full Sophos Endpoint product?

 

Kindest Regards

Dave S. Chunilal



This thread was automatically locked due to age.
  • Hello Dave Chunilal.

    Please have a look at this document regarding Sophos for Virtual Environments

    The startup guide covers the protection (real-time scanning) offered and how to test it. Relevant sections:
    8 Check that guest VMs are protected (page 19)
    8.1 Check the protection settings (page 19)
    8.2 Test real-time scanning (page 19)
    8.3 Troubleshoot real-time scanning (page 20)

    Here's further info about Sophos for Virtual Environments: Frequently Asked Questions

    If you are trying to determine which product will work best for your setup, then I recommend reaching out to a Sophos Partner, as they are better equipped to answer those questions and assist you.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

     

  • Hi Barb,

    Thanks for your response. The links you have supplied are the ones that I have already gone through. All the checks on the installation are successful, as are the tests for real-time scanning.

    I was more concerned about whether Intercept X was part of the offering of Security VM or whether it is best to install full-blown endpoint on the VMs.

    Kind regards

    Dave S. Chunilal

  • Hi Dave,

    Using SVE and the SVMs allows for off-board anti-malware scanning only; it does not include the Intercept X features. I believe the team are looking at providing an option to run Intercept X alongside SVE, but until this is supported you would need to deploy the full agent to benefit from the Intercept X features.

    Regards,

    Stephen

  • Hello Dave S. Chunilal,

    [I'm neither Sophos nor a partner]
    what is the advantage of SecurityVM
    as the FAQs say, it reduces the performance overhead on Guest Virtual Machines. You might think that while overhead is reduced on the GVMs the total resource consumption could even increase, as scanning has to be performed anyway and offloading induces additional overhead. Savings come from caching - the SVM can immediately return the results for a file it has already scanned - and advanced caching - GVMs can share information on scanned files so that a GVM doesn't have to send a file that has already been scanned on behalf of another GVM and found clean to its SVM.
    Of course the actual gain depends on the number of GVMs and the portion of identical files accessed by them.

    is Intercept X included
    as Stephen has said, no(t yet). While Intercept X can be installed alongside (any) "classic" AV (and thus also SVE), consistent management is the challenge.
    Basically Intercept X monitors what's going on on a machine - this can't be offloaded or delegated to the SVMs. Of course it offers additional protection; whether it is "necessary" depends on the exposure of the VMs and potential impact of malware.

    Christian

  • Hi Christian,

     

    Thanks for this.

    Based on what Stephen has said, I'm not sure that Intercept X can be installed independently on the VMs alongside GVM, or have I misunderstood this?

    I see the advantages of SVM and GVM, but since all VMs will have access to emails, we run the risk of being hit by ransomware across any of the VMs, hence wanting to have Intercept X on all the VMs also.

     

    KR

    Dave S. Chunilal

  • Hi Dave,

    Intercept X can be installed alongside 'traditional' AV as Christian states; however, we do not support Intercept X running on a GVM running SVE currently. We are looking to add support for their coexistence later this year.

    Regards,

    Stephen

  • Hi Stephen,

     

    Thanks for this. It has been decided to uninstall the GVM and install the full version of Endpoint Protection.

     

    KR

    Dave S. Chunilal