Intercept X 2.0: What's new

  • Article ID: 127942
  • Updated: 4 Dec 2019

Overview

The latest version of Intercept X features the addition of a Deep Learning malware detection engine as well as several new and updated anti-exploit features focused on active adversary protection. For full details of the new capabilities read What’s New in Sophos Intercept X.

Deep Learning, an advanced form of machine learning, is able to detect whether a file is malicious or a potentially unwanted application (PUA) without having ever seen it before. Convicted files will be quarantined pre-execution, meaning they do not need to run. This happens automatically and instantly without the need to request a file scan.

The latest release of Intercept X includes new and enhanced exploit prevention techniques. These include code cave detection to stop malicious code hidden inside legitimate applications, and application procedure call (APC) abuse prevention to eliminate the techniques used to spread ransomware in attacks such as WannaCry and NotPetya. New protections against malicious process migration and process privilege escalation, as well as application verifier protection, were also included.

We recommend testing the features out before widely deploying. First, turn the features on for a limited set of machines. Once you receive feedback from your testing, whitelist any files that may have been inaccurately labeled as malicious or potentially unwanted. Afterwards, test on a deployment machine and roll out to your environment.

As part of the testing, we also recommend enabling the new deep learning functionality, as well as the active adversary controls, available in Central if you have not done so already.

The following sections are covered:

  • How to enable new features
    • How to enable Deep Learning for EAP and new customers
    • How to enable Deep Learning for existing customers
    • How to check if Deep Learning is enabled locally
    • How to enable new Anti-Exploit Features
  • Related information
  • Feedback and contact

How to enable new features

By the 26th of February, all customers will have the ability to turn on the new Deep Learning and anti-exploit features. By default, the new anti-exploit features will be turned off for all customers. Sophos recommends testing this new anti-exploit functionality before its full deployment. Deep Learning will automatically be enabled for new customers and those who were in the Early Access Program (EAP). Existing customers can enable Deep Learning in the Admin console.

How to enable Deep Learning for EAP and new customers

Prior to the software being deployed on endpoints, you will have a new Deep Learning policy control option. Enable the Deep Learning setting so that when the software is deployed on your endpoints Deep Learning protection will be activated.

  1. From the Sophos Central Admin Dashboard, choose Policies.

  2. Select SETTINGS.

  3. Turn on the Enable Deep Learning feature.

  4. Choose Use recommended settings.

  5. Click the Save button.

How to enable Deep Learning for existing customers

Prior to the software being deployed on your endpoints, you will have a new Deep Learning policy control option. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.

  1. From the Sophos Central Dashboard, choose Policies.

  2. Click SETTINGS.

  3. Click the drop-down arrow for New: Deep Learning, then select ON to activate Deep Learning.

  4. Click the Save button.

How to check if Deep Learning is enabled locally

  1. Launch the Sophos Endpoint installed on your endpoint.
  2. Click the Admin Login button to enter the Tamper Protection password.
  3. Check the endpoint UI settings and see if Deep learning is enabled.

How to enable new Anti-Exploit Features

By the 26th of February, you will be able to turn on the new anti-exploit protection by enabling the settings in the threat protection policy. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.

  1. From Settings of the Threat Protection policy, you will see the New: Active Adversary Mitigations feature.

  2. From the New: Active Adversary Mitigations drop-down menu, select Custom to display the mitigation settings.

  3. Select the mitigations you want to enable.

  4. Click the Save button.

Related information

  • Sophos Central: Component installation options for Endpoint Protection Windows clients
  • Sophos Endpoint: How to disable Tamper Protection

Feedback and contact

If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
