Professional Documents
Culture Documents
Download Reputation
Web Control / Category-based URL Blocking
Peripheral Control (e.g. USB)
Application Control
Deep Learning Malware Detection
BEFORE IT RUNS
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking
PREVENT
Sophos Clean
On-demand Endpoint Isolation
Single-click “Clean and Block”
Sophos Intercept X Features
Details of features included in Intercept X. Intercept X Advanced also includes features from Sophos Central Endpoint Protection.
Features Features
RANSOMWARE
Ransomware File Protection (CryptoGuard)
Mandatory Address Space Layout Randomization
ANTI-
Bottom-up ASLR Automatic file recovery (CryptoGuard)
Null Page (Null Deference Protection) Disk and Boot Record Protection (WipeGuard)
Heap Spray Allocation
Dynamic Heap Spray
Web Browsers (including HTA)
APPLICATION
Stack Pivot
LOCKDOWN
Web Browser Plugins
Stack Exec (MemProt) Java
Stack-based ROP Mitigations (Caller)
Media Applications
Branch-based ROP Mitigations (Hardware Assisted)
Structured Exception Handler Overwrite (SEHOP) Office Applications
EXPLOIT PREVENTION
PROTECTION
LEARNING
Load Library
DEEP
Deep Learning Potentially Unwanted
Reflective DLL Injection Applications (PUA) Blocking
Shellcode False Positive Suppression
VBScript God Mode
Threat Cases (Root Cause Analysis)
INVESTIGATE
Wow64
RESPOND
REMOVE
Syscall
Sophos Clean
Hollow Process
DLL Hijacking Synchronized Security Heartbeat
Squiblydoo Applocker Bypass Can run as standalone agent
APC Protection (Double Pulsar / AtomBombing)
DEPLOYMENT
Can run alongside existing antivirus
Process Privilege Escalation
Can run as component of existing
Dynamic Shellcode Protection Sophos Endpoint agent
EFS Guard
Windows 7, 8, 8.1, 10
CTF Guard
macOS*
ApiSetGuard
Credential Theft Protection * features supported CryptoGuard, Malicious Traffic Detection,
Synchronized Security Heartbeat, Root Cause Analysis
MITIGATIONS
ADVERSARY
Windows macOS
Web Security
ATTACK SURFACE
REDUCTION
Download Reputation
Live Protection
PREVENT
Server Operating Systems are not covered by Central Endpoint of Central Intercept X. Visit Sophos.com/server for more detail.