Intercept X has released, and enabled, a new protection feature called Dynamic Shellcode Protection. This is an exciting new addition to Sophos Intercept X, designed to prevent active adversaries from achieving one of their most sought-after goals: using remote access agents to gain “hands on keyboard” privileges.
According to Mark Loman, Director of Engineering at Sophos, “The Dynamic Shellcode Protection is unique to Sophos. It basically puts a HARD LIMIT on ANY application to what memory they can allocate. It impacts EVERY process on the box, even Windows’ own processes! I am not overstating things when I say that imposing this limit is incredibly, incredibly bold of Sophos.”
About Sophos Intercept X for Mobile help. This help file provides information about the Android version of Intercept X for Mobile. The descriptions refer to the latest version of the app. If you’re using an older version, some features might not be available.
You can read an article about this new feature on Sophos News.
For a technical deep dive into this attack technique and how Dynamic Shellcode Protection stops it, read Mark Loman’s excellent article, also on Sophos News.
Feel free to share the above articles with customers.
Sophos Intercept X: Threat Protection Policy Best Practices
Going over the best practices for configuring your threat protection policy for Intercept X in Sophos Central.
Attend our webinar on March 31st, 2021 at 2pm EST/11am PST to learn about different configuration scenarios!
Register at: https://soph.so/TechTipsEP1-Tv
Navigate to different sections by clicking on the top bar in the video, or skip ahead to these sections:
0:00 Overview
0:37 Multi-Factor Authentication
1:14 Threat Protection Recommended Settings
7:23 Scanning Exclusions
8:33 Server Protection
9:11 More Info
Special thanks to Richard Pulis, Justan On, Dave Fore, and Greg Rosenberg for their technical expertise!
Threat Protection Policy documentation: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ServerConfigureMalwareProtection.html
Server Threat Protection Policy: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ServerConfigureMalwareProtection.html
Report False Positive detections: https://support.sophos.com/support/s/article/KB-000037167?language=en_US
Threat Cases: https://support.sophos.com/support/s/article/KB-000036336?language=en_US
Web Control Policy: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ConfigureWebControl.html
More information on Training and Sophos Certifications: https://www.sophos.com/en-us/company/training.aspx