Synchronized Application Control (SAC) is an extension of Application Control (AC), therefore, AC has to be enabled in the firewall rule controlling the traffic. Every application that utilize TCP connection and is related to an executable, is reported by the endpoint. Clients need to install endpoint protection or intercept X or both, then attend the Early Access Program (EAP) if needed. Only connections that are not known by the IPS application control are reported by SAC.
This article illustrates a detailed description on how to configure Synchronized Application Control.
Sophos Central Account is needed to enable SAC. The SAC feature on the Sophos XG Firewall receives information from the endpoints via the heartbeat, therefore, security heartbeat feature is needed.
Please refer to Sophos XG Firewall: How to enable Security Heartbeat for detailed instructions on how to enable security heartbeat. A valid network protection and endpoint subscription are needed for this feature to be enforced.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
After registering the Sophos XG Firewall with a Central Account, go to Central Synchronization and enable Synchronized Application Control. You will be prompted that the Security Heartbeat is required for this feature, click OK.
As soon as the Sophos XG Firewall receives the next heartbeat, the applications not known to the IPS application control are listed in synchronized application control under Applications > Synchronized Application Control.
Applications detected can then be customized by providing an appropriate name and category.
Appropriate policies can then be enforced based on the application category.
In addition to the enhancements provided in v17.1, Synchronized App Control adds the much-requested ability to display Windows and Mac system applications in a separate list, to better focus on user-driven applications.
You can also hide applications, then use a new filter option to view hidden applications and unhide apps.
There’s also a new option to mark applications as seen to remove them from the “new” list.
Enhancements have also been made to how path names are displayed.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.