To get the full benefit of your new Intercept X Advanced with EDR licence, ensure that the setting “Allow computers to send data on suspicious files and network events to Sophos Central” is enabled in each of your Threat Protection policies.
One of the key new features delivered in Intercept X Advanced with EDR is the ability to search across an endpoint estate for details on portable executable files that have an uncertain or bad reputation and the network destinations those files have connected to. The search covers all the data that has been sent back to Sophos Central, but that data comes only from endpoints whose Threat Protection policies have the “Allow computers to send data on suspicious files and network events to Sophos Central” setting enabled.
For existing customers who added the EDR license, this feature had been set to “off” in existing policies. Moving forward, Sophos plans to set this policy “on” by default in existing policies.
If you want to use the search capability, you need to allow endpoints to continuously send this data on suspicious files and the network destinations they are connecting to. Open your Threat Protection policies, click the Settings tab and, in the Remediation section of the policy, ensure that the setting “Allow computers to send data on suspicious files and network events to Sophos Central” is enabled.