In February 2018, Sophos launched Intercept X for macOS for customers using the Sophos Central platform. Through the Intercept X license, this additional protection is available for Mac endpoints running Sophos version 9.7.4 or above. This latest version introduces new capabilities such as enhanced protection against ransomware, Root Cause Analysis and Malicious Traffic Detection.
Applies to the following Sophos product(s) and version(s): Central Mac Endpoint 9.7.4, Central Mac Endpoint
Operating systems: macOS
To take advantage of the new Intercept X features, manage endpoint computers from Sophos Central and assign eligible computers to Intercept X. See How to upgrade to the new version for details.
CryptoGuard is a new ransomware protection feature offered for our Mac product to bring it in line with our Windows product. It analyzes, in real time, the files modified by non-Apple and non-Sophos executables, looking for file encryption behavior that resembles ransomware. When ransomware is detected, the running program is blocked from further filesystem modifications and the encrypted files are rolled back to their previous unencrypted versions. For further information, see Stop Ransomware with Sophos Intercept X.
Root Cause Analysis brings the Mac Endpoint product into feature parity with the Windows Endpoint. It logs to the Sophos Diagnostic logs and contains a list of infection types, helping customers to investigate and troubleshoot further. See Sophos Central: Root Cause Analysis overview for additional information.
Malicious Traffic Detection is a new feature that monitors the outbound network connections made by user software, checking the destination IP address and URL (if the protocol is HTTP) against the SXL4 reputation database to identify C2 (CnC) servers. For more information, see Sophos Malicious Traffic Detection Frequently Asked Questions (FAQ).
Along with the new features, several enhancements are available in this release. These include the Mac Next Gen UI, the new endpoint user interface with a simplified, tile-based look and feel that follows the same form factor as Windows. Endpoint Self Help is a new tool that examines and displays the internal state of the endpoint software, for easier diagnostics by local administrators. Update Cache Support means that Mac Endpoints can now use an Updating Cache or Caches defined by the customer.
The computers will then update to the selected software.