Sophos InterceptX running on a server

Are there any updates out now about Intercept X for Servers?

Hi gang,

I am also wondering about this.

The reason I ask is that if we have Sophos running on a server with Intercept X, then in the policy, under "Real-time Scanning - Local Files and Network Shares", should the setting here be set to just "Local" instead of "Local and Remote"?

It would make more sense to have Sophos installed on a server and clients with "Local" set, as right now, with "Local and Remote", several clients accessing the file would also be passing AV information through the network connections.

Sophos being installed on a server and set to local scans, along with the clients set to local scans, would mean that the shared files would be scanned locally, and there wouldn't be as much AV info traversing the network.

Just my thinking - but I stand to be corrected! ;)

Hello Stephen Hogan,

Intercept X isn't your "classic" AV that scans files (with potential active content) but monitors activity (process behaviour, network traffic destinations, writes to files) on the machine. Thus local and remote have no real meaning here, it'd only apply to on-access scanning. Arguably it's redundant (but don't forget that remote might also be any other - potentially unprotected - machine remote storage).

Christian

Hi Christian,

Thanks for clearing that up - I wasn't entirely sure to what extent Intercept X went out to in terms of local and remote storage, but now I understand.

Although, it does seem to side with my feelings that it would make sense to have on-access running on local storage for both servers and clients alike, rather than running on-access scans onto remote storage, taking up vital bandwidth.

Still, I am waiting to see when (if?) Intercept X is available for servers - I have an "Update Cache" on a 2012R2 server with Sophos Protection installed, so I should see Intercept X when it becomes available - shouldn't I? ;)

Regards,

Stephen

Hello Stephen,

[just to make sure, I'm not Sophos]
rather than running on-access scans onto remote storage
if bandwidth is indeed scarce and all potential sources are protected you could restrict scanning to local files (though this still leaves the risk that the remote machine is compromised or protection is inoperable). In an environment where workstations access other workstations and in addition users might disable AV I wouldn't recommend it.

when (if?) Intercept X is available for servers
not sure whether it requires a separate license (i.e. Intercept X for Server Protection) or not.

Christian

It depends which kind of license do you have and which kind of protection by Interecept X do you want.

Currently it is available the protection antiransomware (cryptoguard) if you use Cloud management and buy Central Server Protection Advanced.

For on Premise managed Sophos enterprise Console, antiransomware protection is availaible for Server Protection Enteprise and there is an Add-on for

It depends which kind of license do you have and which kind of protection by Interecept X do you want.

Currently it is available the protection antiransomware (cryptoguard) if you use Cloud management and buy Central Server Protection Advanced.

For on Premise managed Sophos enterprise Console, antiransomware protection is availaible for Server Protection Enteprise and there is an Add-on for