The latest version of Intercept X features the addition of a Deep Learning malware detection engine as well as several new and updated anti-exploit features focused on active adversary protection. For full details of the new capabilities read What’s New in Sophos Intercept X.
Deep Learning, an advanced form of machine learning, is able to detect whether a file is malicious or a potentially unwanted application (PUA) without having ever seen it before. Convicted files will be quarantined pre-execution, meaning they do not need to run. This happens automatically and instantly without the need to request a file scan.
The latest release of Intercept X includes new and enhanced exploit prevention techniques. These include code cave detection, to stop malicious code hidden inside legitimate applications, and application procedure call (APC) abuse prevention, to eliminate the techniques used to spread ransomware in attacks such as WannaCry and NotPetya. New protections against malicious process migration and process privilege escalation, as well as application verifier protection, were also included. We recommend testing the features before deploying them widely. First, turn the features on for a limited set of machines. Once you receive feedback from your testing, whitelist any files that may have been inaccurately labeled as malicious or potentially unwanted. Afterwards, test on a deployment machine and roll out to your environment. As part of the testing, we also recommend enabling the new deep learning functionality, as well as the active adversary controls, available in Central if you have not done so already.
By the 26th of February, all customers will have the ability to turn on the new Deep Learning and anti-exploit features. By default, the new anti-exploit features will be turned off for all customers. Sophos recommends testing this new anti-exploit functionality before its full deployment. Deep Learning will automatically be enabled for new customers and those who were in the Early Access Program (EAP). Existing customers can enable Deep Learning in the Admin console.
Prior to the software being deployed on endpoints, you will have a new Deep Learning policy control option. Enable the Deep Learning setting so that when the software is deployed on your endpoints Deep Learning protection will be activated.
Before the software is deployed on your endpoints, you will have a new Deep Learning policy control option. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.
By the 26th of February, you will be able to turn on the new anti-exploit protection by enabling the settings in the threat protection policy. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.