Block zero-day attacks by blocking exploits

Attackers want to distribute and install their malware, steal your data, and evade detection. Using a relatively short list of highly effective exploit techniques enables them to do just this.

With Intercept X, evasive hackers and zero-day attacks can’t get through – because rather than focusing solely on stopping malware, Intercept X tracks the behavior that indicates an attack is underway and stops it dead in its tracks.

Vulnerabilities occur in software at an alarming rate, often requiring patches from the vendor – and until those patches are installed, the vulnerabilities remain. While installing the latest patches as quickly as possible is always a recommended best practice, Intercept X offers a layer of protection for unpatched devices. By intercepting the techniques attackers use to take advantage of these and other vulnerabilities, Sophos is able to stop attackers from abusing a computer to do something it should not be doing.

Sophos Intercept X includes:

Exploit Protection

Deny attackers their favorite tools for conducting attacks by blocking the exploits and techniques used in both malware-based and file-less attacks.

Active Adversary Mitigations

Intercept X utilizes a range of mitigations, including credential theft prevention, code cave utilization detection, and APC protection, against the techniques attackers use to gain a presence and remain undetected on victim networks.

Deep Learning

Intercept X uses a deep learning neural network, an advanced form of machine learning, to detect known and unknown malware without signatures.


CryptoGuard, included with Intercept X, uses behavioral analysis and file rollback to stop file-based and master boot record ransomware attacks.

Intelligent EDR

Intercept X Advanced with EDR offers powerful endpoint detection and response with built-in expertise from SophosLabs to help you answer the tough questions about security incidents.

Malware Cleanup

Sophos Clean offers the industry’s most powerful malware cleaner. While other enterprise antivirus offerings just remove the offending malware files, Sophos Clean eradicates malicious code and more.

Managed Detection & Response (MDR)

The Sophos Managed Threat Response (MTR) Service offers 24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service.

Synchronized Security

Simplify and unify your defenses with Sophos Synchronized Security. Your solutions will share real-time threat intelligence between endpoints, firewall, and other Sophos products for automated incident response to threats.

Sophos Central

Intercept X is integrated into Sophos Central, the intuitive cloud-native console for managing all your Sophos products. There are no servers to build – just log in, download the agent, and configure all your policies from one place.

Vulnerabilities vs. Exploits vs. Exploit Techniques



Vulnerability

A weakness in the design or implementation of a piece of hardware/software.


Exploit

A specific successful and reliable use of one or more exploit techniques against one of thousands of potential target vulnerabilities.

Exploit Technique

The underlying way in which an attacker can abuse a vulnerability to make a computer do something it shouldn’t.