I found that HPMA can already intercept, but Sophos doesn't seem to have fusion rules yet.
What is HPMA?
I assume you don't mean Hydroxypropyl Methacrylate (HPMA)?
Kind regards, best regards from Germany,
Philipp Rusch
New Vision GmbH, Germany
Sophos Silver-Partner
Hi ong! L ,
Intercept X can block system calls and process injections. There are some features available based on the attack techniques, which are described here: New Exploit Mitigation Help
Sys calls can also be legitimate; for instance, this includes open, read and write file operations that are very generic. Sophos interprets these calls only if they originate from a malicious source. In this case, it can be malicious code or a script.
I hope this helps.