I have received an answer from Sophos Commerce that the EOL SATC functionality is now included in Intercept X for Server and will be rolled out to different users in phases as of July 1st.
Is there a document outlining the changes in Intercept X?
After the rollout happened, which is not on 01.07, instead the rollout phase will take more time (staging etc.).
Is this done yet? If not, when can we expect it and where will Sophos notify everyone?
Hi LuCar Toni,
Can you elaborate on the development road map?
IMHO there are a lot of different functional needs given the many possible situations.
- A Firewall Endpoint Client
To authenticate the user, user's session and endpoint IP addresses (also Remote desktop sessions). If this firewall endpoint client is built into Endpoint X, that is fine for Endpoint protection users, but users of other SAV vendors should be able to use a Firewall Endpoint Client to authenticate the user.
- An improved STAS
I experienced that STAS will only register 1 user with 1 IP when in fact I was logged onto multiple devices authenticated with the DC. One having a WIFI guest IP address which was sent through STAS to the XG and therefore blocking me on the XG on all other devices on the LAN. So I am not a fan of STAS. It should be able to allow for multiple user sessions and IPs.
It can be easily replicated by adding a laptop which has a LAN and a WIFI guest connection. If you see only the Live user with Guest IP in the XG, then you have a problem.
- A Secure Web Gateway (cloud solution)
The primary focus of Sophos is of course the synchronized Security story. Sophos is mainly investing in features to simplify the deployment of features with components and technology already in place. Therefore it makes sense to implement this feature in the Endpoint.
In fact the Thin client authentication will work for any server, not only terminal server. Therefore if you protect your DC, it will also be able to authenticate the RDS session coming from a different place.
As we move forward, Customers with the endpoint/server installed, can mainly uninstall STAS and only use Heartbeat for the authentication.
There are plans to rebuild the STAS with other solutions but they are on the backlog.
Is there any news on the SATC functionality? We've a couple of customers desperate for this. Do you happen to know if this will also suffer from the SAM vs UPN domain name problem that plagues Endpoint? I know there's a plan somewhere to sort that out but not seen any time scale on it.
The version is/will be V2.19.X. Some customers already got this version. Feel free to check your installed server version.
And SATC will use the same mechanism as Intercept X. Therefore you will see the same behavior.
Our terminal server Server Core Agent is now at 2.19.8. Still I don't see any live users from this server in the XG. Only the STAS users.
When we were still at 2.18.x I added these steps: Set the registry keys for adding SATC to Intercept X on the RDS, restarted, via the XG console I added the IP of the RDS.
So from which Core Agent version should I expect to see the SATC result from Intercept X on the RDS server?
Should be working. Try to check the registry keys, if they are correct.
Checked registry setting, checked threat protection policy has default settings, checked the console - IP already configured, checked Local service ACL - client authentication enabled.
Strangely I don't see any port 6060 traffic from the RDS to the XG in the firewall log.
Did you restart the server? Because the service has to be restarted to be loaded.
Check the Central part, if Network Threat Protection is installed.
I will restart later tonight to check.
I repeated the steps at our new RDS server, Windows 2019. Used a script to add the keys. It works on the new RDS. Saw a difference in the port registry key between the old RDS server, which I added manually, and the new one. So I removed the keys and added them with the script. Now both show thin client connections in the XG.