
Sophos InterceptX running on a server

We recently bought Sophos InterceptX and have installed it on all of the clients to protect them from threats. My question is: this server is a file server, and I don't know how the program would work on the server, as it is hosting all of the files. Does anyone have any experience in this situation? The server is Microsoft Server 2012.



  • Hello, Intercept technology hasn't been released for Server OSes yet. I think it will be here in a couple of weeks. But with this, you will need a "Server Advanced" license and then you'll be able to enable the Anti-Ransomware feature. Hope that helps.

     

    Thanks

     

    ~Dan~

  • I'm not seeing the feature either. My salesperson said a few weeks; that was a few months ago.

  • Any update on this, Sophos? We won't adopt till this is enabled; we currently run all user VDIs on Server 2008 R2.

    Steve.

  • +1 for this.

    It has been promised for a while now. I really hope it will support terminal servers, as we have seen several occurrences of infections on these lately.

  • Are there any updates out now about Intercept X for Servers?

  • Hi gang,

     

    I am also wondering about this.

    The reason I ask is that if we have Sophos running on a server with Intercept X, then in the policy, under "Real-time Scanning - Local Files and Network Shares", should the setting here be set to just "Local" instead of "Local and Remote"?

    It would make more sense to have Sophos installed on a server and clients with "Local" set, as right now, with "Local and Remote", several clients accessing the file would also be passing AV information through the network connections.

    Sophos being installed on a server and set to local scans, along with the clients set to local scans, would mean that the shared files would be scanned locally, and there wouldn't be as much AV info traversing the network.

     

    Just my thinking - but I stand to be corrected! ;)

  • Sophos needs to update their database. I was looking around for new information and found 3 different sources on their page with different information about Intercept X for Servers.

    In the German specs, Cryptoguard is only available for Central Server Protection Advanced.

    In the English specs, Cryptoguard is available for Central Server Protection Advanced and as eXploit Prevention for all on-premise versions.

    And in a third official document I can only find eXploit Prevention for on-premise and no information about the Central version.

     

    That is confusing me.

  • Hello Ecrook,

    what do you call a Sophos Official Document [:P] and which Database are you referring to? [:)]
    Seriously, it is hard (and always has been, guess that's in Sophos' DNA and note: There might be translations when documents are originally written but later updates are often only in English - and maybe Japanese but I can't tell and it won't help anyway [;)]) to get concise, comprehensive and consistent information - especially when new features and products are added as a result of an acquisition. The various names and monikers add to the confusion.

    As far as I can tell (in principle what you've already found):

    • you'll find eXploit Prevention only in conjunction with on-premise SEC
    • Intercept X is still also a stand-alone product, information (tech specs et al.) is perhaps deliberately vague (from the datasheet: supports Windows 7 and above) and outdated or not quite correct (same source: can run alongside [...] Endpoint [...] when managed by Sophos Central)
    • CryptoGuard (yet another name) for servers is available in Central since the start of this month

    Unfortunately even resellers or partners might not be up-to-date. But sorry, I digress - what was your question?

    Christian
     

  • Hello Stephen Hogan,

    Intercept X isn't your "classic" AV that scans files (with potential active content) but monitors activity (process behaviour, network traffic destinations, writes to files) on the machine. Thus local and remote have no real meaning here, it'd only apply to on-access scanning. Arguably it's redundant (but don't forget that remote might also be any other - potentially unprotected - machine remote storage).

    Christian