Endpoint Protection Tech Specs

Intercept X is available for devices running on Windows and macOS. Intercept X is the industry’s most comprehensive endpoint protection and includes options for powerful endpoint detection and response (EDR) and extended detection and response (XDR).

For further information please see the Intercept X datasheet, Mac datasheet and EDR/XDR datasheet.

Get details on system requirements and supported operating systems in the Windows and macOS articles.

Features, compared across four tiers: Intercept X Advanced; Intercept X Advanced with XDR; Intercept X with MTR Standard; Intercept X with MTR Advanced
ATTACK SURFACE
Web Security
Download Reputation
Web Control / Category-based URL Blocking
Peripheral Control
Application Control
BEFORE IT RUNS ON DEVICE
Deep Learning Malware Detection
Anti-Malware File Scanning
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking
Intrusion Prevention System
STOP RUNNING THREAT
Data Loss Prevention
Runtime Behavior Analysis (HIPS)
Antimalware Scan Interface (AMSI)
Malicious Traffic Detection (MTD)
Exploit Prevention
Active Adversary Mitigations
Ransomware File Protection (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)
Man-in-the-Browser Protection (Safe Browsing)
Enhanced Application Lockdown
DETECT
Live Discover (Cross Estate SQL Querying for Threat Hunting & IT Security Operations Hygiene)
SQL Query Library (pre-written, fully customizable queries)
Suspicious Events Detection and Prioritization
Fast Access, On-disk Data Storage (up to 90 days)
Cross-product Data Sources e.g. Firewall, Email (Sophos XDR)
Cross-product Querying (Sophos XDR)
Sophos Data Lake Cloud Storage: 30 days | 30 days | 30 days
Scheduled Queries
INVESTIGATE
Threat Cases (Root Cause Analysis)
Deep Learning Malware Analysis
Advanced On-demand SophosLabs Threat Intelligence
Forensic Data Export
REMEDIATE
Automated Malware Removal
Synchronized Security Heartbeat
Sophos Clean
Live Response (remotely investigate and take action)
On-demand Endpoint Isolation
Single-click “Clean and Block”
HUMAN-LED THREAT HUNTING AND RESPONSE
24/7 Lead-driven Threat Hunting
Security Health Checks
Data Retention
Activity Reporting
Adversarial Detections
Threat Neutralization & Remediation
24/7 Lead-less Threat Hunting
Threat Response Team Lead
Direct Call-in Support
Proactive Security Posture Management

For supported macOS features see the license guide.

Features

  • EXPLOIT PREVENTION
    • Enforce Data Execution Prevention
    • Mandatory Address Space Layout Randomization
    • Bottom-up ASLR
    • Null Page (Null Dereference Protection)
    • Heap Spray Allocation
    • Dynamic Heap Spray
    • Stack Pivot
    • Stack Exec (MemProt)
    • Stack-based ROP Mitigations (Caller)
    • Branch-based ROP Mitigations
    • Structured Exception Handler Overwrite (SEHOP)
    • Import Address Table Filtering (IAF)
    • Load Library
    • Reflective DLL Injection
    • Shellcode
    • VBScript God Mode
    • Wow64
    • Syscall
    • Hollow Process
    • DLL Hijacking
    • Squiblydoo Applocker Bypass
    • APC Protection (Double Pulsar / AtomBombing)
    • Process Privilege Escalation
    • Dynamic Shellcode Protection
    • EFS Guard
    • CTF Guard
    • ApiSetGuard
  • ACTIVE ADVERSARY MITIGATIONS
    • Credential Theft Protection
    • Code Cave Mitigation
    • Man-in-the-Browser Protection (Safe Browsing)
    • Malicious Traffic Detection
    • Meterpreter Shell Detection
  • ANTIRANSOMWARE
    • Ransomware File Protection (CryptoGuard)
    • Automatic file recovery (CryptoGuard)
    • Disk and Boot Record Protection (WipeGuard)
  • APPLICATION LOCKDOWN
    • Web Browsers (including HTA)
    • Web Browser Plugins
    • Java
    • Media Applications
    • Office Applications
  • DEPLOYMENT
    • Windows
    • macOS
  • DEEP LEARNING
    • Deep Learning Malware Detection
    • Deep Learning Potentially Unwanted Applications (PUA) Blocking
    • False Positive Suppression
    • Live Protection
  • RESPOND INVESTIGATE REMOVE
    • Root Cause Analysis
    • Sophos Clean
    • Synchronized Security Heartbeat
  • ENDPOINT DETECTION AND RESPONSE (EDR)
    • Live Discover SQL queries
    • Live Response command line interface
    • Cross Estate Threat Searching
    • Guided Investigations
    • EDR Deep Learning Malware Analysis
    • On-demand SophosLabs Threat Intelligence
    • Forensic Data Export
    • Endpoint Isolation
    • Sophos Data Lake – 7 days storage
    • Scheduled queries
  • EXTENDED DETECTION AND RESPONSE (XDR)
    • Cross-product data sources
    • Cross-product querying
    • Sophos Data Lake – 30 days storage