SATC functionality in Intercept X for Server

I have received answer from Sophos Commerce that the EOL SATC functionality is now included in Intercept X for Server and will be rolled out to different users in phases as of July 1th.

Is there a document outlining the chances in Intercept X?



Parents Reply
  • Thats what you should discuss with Sales. The SATC Tool will go end of life. The replacement would be a component within the Endpoint Solution of Sophos. The other solution is currently under development to get a direct proxy solution. You could still use a end of life product like SATC but i would not recommend this from a technical and security perspective but the tool is still functional after the EoL date. 


  • Hi LuCar Toni,

    Can you elaborate on the development road map? 

    IMHO there are a lot of different functional needs given the many possible situations.

    - A Firewall Endpoint Client

    To authenticate the user, user's session and endpoint  IP adresses (also Remote desktop sessions). If this firewall endpoint client is build into Endpoint X that is fine for Endpoint protection users but users of other SAV vendors should be able to use a Firewall Endpoint Client to authenticate the user.

    - An improved STAS

    I experienced that STAS will only register 1 user with 1 IP when in fact I was logged onto multiple devices authenticated with the DC. One having a WIFI guest IP adress which was send tru STAS to the XG and therefor blocking me on the XG on all other devices on the LAN. So I am not a fan of STAS. It should be able to allow for multiple user sessions, IP's.

    it can be easily replicated by adding a laptop which has a LAN and a WIFI guest connection. If you see only the Live user with Guest IP in the XG than you have a problem.

    - A Secure Web Gateway (cloud solution)



  • The primary focus of Sophos is of course the synchronized Security story. Sophos is mainly investing in features to simplify the deployment of features with components and technology already in place. Therefore it makes sense to implement this feature in the Endpoint.

    In fact the Thin client authentication will work for any server, not only terminal serer. Therefore if you protect your DC, it will also be able to authenticate the RDS session coming from a different place. 

    As we move forward, Customers with the endpoint/server installed, can mainly uninstall STAS and only use Heartbeat for the authentication. 

    There are plans to rebuild the STAS with other solutions but there are on the backlog. 


  • Hi LuCar

    Is there any news on the SATC functionality? we've a couple of customers desperate for this. Do you happen to know if this will also suffer from the SAM vrs UPN domain name problem that plagues Endpoint? I know there's a plan somewhere to sort that out but not seen any time scale on it.


  • The version is/will be V2.19.X. Some customer already got this version. Feel free to check your installed server version.

    And SATC will use the same mechanism as Intercept X. Therefore you will see the same behavior.