This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sophos central incercept X advance y Sophos Central inercept X advanced con EDR consulta

Hola comunidad quisiera que me absuelvan estas consulta 

de que manera nos ayuda estas aplicaciones que tiene el Sophos Central Incercept X

1.- Endpoint Agent: (Windows/macOS)

2.-- Anti-malware

3.- Live Protection

4.- Web Security

5.- Web Control

6.- Malware Removal

7.- Peripheral Control

8.- Application Control

9.- Synchronized Security Heartbeat (Windows only)

10.- Behaviour Analysis/HIPS

11- Data Loss Prevention

12.- Download Reputation

13.- Malicious Traffic Detection

14.- Exploit Prevention

15.- Cryptoguard Anti-Ransomware

16.- Sophos Clean

17.- Root Cause Analysis

18.- Sophos for Virtual Environments

19.- Light Agent off-board scanning: (Windows Desktop VMs) Anti-malware

20.- Live Protection

21.- Malware Removal

esperando nos apoye 



This thread was automatically locked due to age.
Parents
  • Hi  

    Please find the answers for your queries below:

    1.- Endpoint Agent: (Windows/macOS) - It works for the communication channel between Sophos central and endpoint. It does the job of reporting the alerts to the Sophos Central.

    2.-- Anti-malware - It is an Anti-Virus engine which scans the machine/files/folders as per the scanning configured.

    3.- Live Protection - 

    Live Protection checks suspicious files against the latest malware in the SophosLabs database.

    You can select these options:

    • Use Live Protection to check the latest threat information from SophosLabs online. This checks files during real-time scanning.
    • Use Live Protection during scheduled scans

    4.- Web Security - It should be Web control only.

    5.- Web Control - Web control also has web intelligence(Web protection) feature which also blocks the access to a malicious website and web control provides administration to put the restriction on the accessible website on the endpoints. Please refer to this document for more information.

    6.- Malware Removal - It is not a feature in Intercept X, it is a normal procedure of malware removal after detection.

    7.- Peripheral Control - It can block/allow the peripheral devices like USB, PTP, MTP, removal hard drives, Bluetooth, etc on the endpoints.

    8.- Application Control - It can block/allow the specific websites mentioned under the application control policy.

    9.- Synchronized Security Heartbeat (Windows only) - It is a feature which is useful when you have Sophos XG firewall. Please refer to this document for more information.

    10.- Behaviour Analysis/HIPS - It is a behavioural-based detection mechanism which is different than traditional signature-based detection system and HIPS is host-based Intrusion prevention system. 

    11- Data Loss Prevention - DLP is to block the exfiltration of the confidential data through email, web, etc platforms.

    12.- Download Reputation - It for the file which you are downloading on your machine. Please refer to this document.

    13.- Malicious Traffic Detection - The Sophos Malicious Traffic Detection is a component that will monitor HTTP traffic for signs of connectivity to known bad URLs such as Command and Control servers. For more information, please refer to this document.

    14.- Exploit Prevention - This feature is for our on-premise product Sophos Enterprise console. Please refer to this document for more information.

    15.- Cryptoguard Anti-Ransomware - As the name suggests, it is a feature which provides protection against a ransomware attack.

    16.- Sophos Clean - Sophos clean does the cleanup job once the malware has been detection through AV.

    17.- Root Cause Analysis - Please refer to this document, it will help you to understand the term.

    18.- Sophos for Virtual Environments - This is a different product which is only for VM machines which are hosted on ESXi, hyper-v.

    19.- Light Agent off-board scanning: (Windows Desktop VMs) Anti-malware - this is an anti-malware agent for the Sophos for Virtual environments.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Reply
  • Hi  

    Please find the answers for your queries below:

    1.- Endpoint Agent: (Windows/macOS) - It works for the communication channel between Sophos central and endpoint. It does the job of reporting the alerts to the Sophos Central.

    2.-- Anti-malware - It is an Anti-Virus engine which scans the machine/files/folders as per the scanning configured.

    3.- Live Protection - 

    Live Protection checks suspicious files against the latest malware in the SophosLabs database.

    You can select these options:

    • Use Live Protection to check the latest threat information from SophosLabs online. This checks files during real-time scanning.
    • Use Live Protection during scheduled scans

    4.- Web Security - It should be Web control only.

    5.- Web Control - Web control also has web intelligence(Web protection) feature which also blocks the access to a malicious website and web control provides administration to put the restriction on the accessible website on the endpoints. Please refer to this document for more information.

    6.- Malware Removal - It is not a feature in Intercept X, it is a normal procedure of malware removal after detection.

    7.- Peripheral Control - It can block/allow the peripheral devices like USB, PTP, MTP, removal hard drives, Bluetooth, etc on the endpoints.

    8.- Application Control - It can block/allow the specific websites mentioned under the application control policy.

    9.- Synchronized Security Heartbeat (Windows only) - It is a feature which is useful when you have Sophos XG firewall. Please refer to this document for more information.

    10.- Behaviour Analysis/HIPS - It is a behavioural-based detection mechanism which is different than traditional signature-based detection system and HIPS is host-based Intrusion prevention system. 

    11- Data Loss Prevention - DLP is to block the exfiltration of the confidential data through email, web, etc platforms.

    12.- Download Reputation - It for the file which you are downloading on your machine. Please refer to this document.

    13.- Malicious Traffic Detection - The Sophos Malicious Traffic Detection is a component that will monitor HTTP traffic for signs of connectivity to known bad URLs such as Command and Control servers. For more information, please refer to this document.

    14.- Exploit Prevention - This feature is for our on-premise product Sophos Enterprise console. Please refer to this document for more information.

    15.- Cryptoguard Anti-Ransomware - As the name suggests, it is a feature which provides protection against a ransomware attack.

    16.- Sophos Clean - Sophos clean does the cleanup job once the malware has been detection through AV.

    17.- Root Cause Analysis - Please refer to this document, it will help you to understand the term.

    18.- Sophos for Virtual Environments - This is a different product which is only for VM machines which are hosted on ESXi, hyper-v.

    19.- Light Agent off-board scanning: (Windows Desktop VMs) Anti-malware - this is an anti-malware agent for the Sophos for Virtual environments.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

Children
No Data