what is the feature or Point in Sophos Endpoint Protection client called Device Hardening

We found new point under administrative Access on our clients called Device Hardening (Gerätehärtung). Can anyone help me to find out what it is.

What did this setting do? Can we adjust it? What is the hardening in detail?

many thanks for your help



Added tags
[edited by: Gladys at 3:15 AM (GMT -7) on 30 May 2024]
Parents
  • Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    The "Device Hardening" refers to protection while in Safe Mode. Attackers commonly abuse legitimate operating system functionality as part of their attacks. Our goal is to reduce the opportunity for attackers to use them, for example by preventing actions that are rarely needed in legitimate business workflows.

    Currently, when a device is in safe mode, most Sophos Intercept X protection functionality is disabled. However, with the release of Core Agent 2023.2, we are implementing a new functionality called 'Protection in safe mode', which provides some protection features in safe mode.

    Enabling this setting will allow Sophos to run our services and drivers even while in Safe mode. You can also find this option in the Threat Protection policy and by default, is disabled and only applied on devices on Core Agent 2023.2 or later.

    I hope this answers your question.

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    The "Device Hardening" refers to protection while in Safe Mode. Attackers commonly abuse legitimate operating system functionality as part of their attacks. Our goal is to reduce the opportunity for attackers to use them, for example by preventing actions that are rarely needed in legitimate business workflows.

    Currently, when a device is in safe mode, most Sophos Intercept X protection functionality is disabled. However, with the release of Core Agent 2023.2, we are implementing a new functionality called 'Protection in safe mode', which provides some protection features in safe mode.

    Enabling this setting will allow Sophos to run our services and drivers even while in Safe mode. You can also find this option in the Threat Protection policy and by default, is disabled and only applied on devices on Core Agent 2023.2 or later.

    I hope this answers your question.

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data