This article lists the important security features to enable in Sophos products to help prevent ransomware.
The following sections are covered:
Sophos technologies protect and block malicious files and web traffic used by ransomware. To ensure that your protection works effectively, it is important to configure your solutions correctly.
Note: Make sure to apply these changes in a test environment first, before implementing them in a live environment.
If you manage Sophos Endpoint Security and Control via Sophos Enterprise Console, configure the following settings in the Anti-Virus and HIPS policy of all workstations, file servers and terminal servers.
For a full list of recommended settings and instructions on how to enable them, see: Recommended settings for Anti-Virus and HIPS
If you use Sophos Central managed Endpoint Protection, configure the following Threat Protection settings for all users:
For Sophos Intercept X licensed customers:
If you use Sophos Central managed Server Standard Protection, configure your server as follows:
For Sophos Central managed Server Advanced Protection licensed customers:
Configure the Sophos Email Appliance as follows:
Note: If users follow URLs from an external location, make sure that the Email Appliance is accessible to resolve links: Configuration > Network > Hostname & Proxy.
For Sophos Sandstorm licensed customers:
Configure the Sophos Web Appliance as follows:
Configure the Sophos UTM as follows:
Configure the Sophos XG Firewall as follows: