Sophos Endpoint

Discussions Can endpoint defense now intercept DSyscall process injection?

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 14 subscribers
Views 2009 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can endpoint defense now intercept DSyscall process injection?

ong！ L 10 months ago

I found that HPMA can already intercept, but sophos doesn't seem to have fusion rules yet

This thread was automatically locked due to age.

Top Replies

Gladys 9 months ago +1

Hi ong！ L , Intercept X can block system calls and process injections. There are some features available based on the attack techniques, which are described here: New Exploit Mitigation Help Sys calls…

0 PhilippRusch 10 months ago

What is HPMA?

I assume you don't mean Hydroxypropyl Methacrylate (HPMA) ?

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Gladys 9 months ago

Hi ong！ L ,

Intercept X can block system calls and process injections. There are some features available based on the attack techniques, which are described here: New Exploit Mitigation Help

Sys calls can also be legitimate, for instance, this includes open read and write file operations that are very generic. Sophos interprets these calls only if it's originating from a malicious source. In this case, it can be a malicious code or script.

I hope this helps.

Gladys Reyes

Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel