Overview
The latest version of Intercept X features the addition of a Deep Learning malware detection engine as well as several new and updated anti-exploit features focused on active adversary protection. For full details of the new capabilities, read What’s New in Sophos Intercept X.
Deep Learning, an advanced form of machine learning, is able to detect whether a file is malicious or a potentially unwanted application (PUA) without having ever seen it before. Convicted files will be quarantined pre-execution, meaning they do not need to run. This happens automatically and instantly without the need to request a file scan.
The latest release of Intercept X includes new and enhanced exploit prevention techniques. These include code cave detection to stop malicious code hidden inside legitimate applications and asynchronous procedure call (APC) abuse prevention to eliminate the techniques used to spread ransomware in attacks such as WannaCry and NotPetya. New protections against malicious process migration and process privilege escalation, as well as application verifier protection, were also included.
We recommend testing the features before deploying them widely. First, turn the features on for a limited set of machines. Once you receive feedback from your testing, whitelist any files that may have been inaccurately labeled as malicious or potentially unwanted. Afterwards, test on a deployment machine and roll out to your environment.
As part of the testing, we also recommend enabling the new deep learning functionality, as well as the active adversary controls, available in Central if you have not done so already.
How to enable new features
By the week commencing February 26, all customers will have the ability to turn on the new Deep Learning and anti-exploit features. By default, the new anti-exploit features will be turned off for all customers. Sophos recommends testing this new anti-exploit functionality before fully deploying it. Deep Learning will automatically be enabled for new customers and those who were in the Early Access Program (EAP). Existing customers can enable Deep Learning in the Admin console.
How to enable Deep Learning for EAP and new customers
Prior to the software being deployed on endpoints you will have a new Deep Learning policy control option. Enable the Deep Learning setting so that when the software is deployed on your endpoints Deep Learning protection will be activated.
- From the Sophos Central Admin Dashboard, choose Policies.
- Select SETTINGS.
- Activate the Enable Deep Learning option.
- Choose Use recommended settings.
- Press Save to finalize.
How to enable Deep Learning for existing customers
Prior to the software being deployed on your endpoints you will have a new Deep Learning policy control option. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.
- From the Sophos Central Dashboard, choose Policies.
- Select SETTINGS.
- From the New: Deep Learning drop-down menu, select ON to activate Deep Learning.
- Click Save to finalize.
How to check if Deep Learning is enabled locally
- Launch the Sophos Endpoint installed on your machine.
- Enter the Tamper Protection password for the machine.
- Check the endpoint UI settings and see if Deep Learning is enabled.
How to enable new Anti-Exploit Features
By the week commencing February 26, you will be able to turn on the new anti-exploit protection by enabling the settings in the threat protection policy. It will be set by default to Sophos Managed (Off). If you change the policy, there will be no change to how it appears in the UI. This setting is also not controlled by the Use recommended settings option.
- From Settings, you will see the New: Active Adversary Mitigations policy option.
- From the New: Active Adversary Mitigations drop-down menu, select Custom to display the mitigation settings.
- Select the mitigations you want to enable.
- Click Save to finalize.