Sophos Server Protection



Sophos Central Server: Recommended settings for Threat Protection policy KB-000038565 12 11, 2020

Linux includes two deployment options. 1) Intercept X Advanced for Server with EDR deployment gives access to the features noted in the table. 2) Sophos Anti-Virus for Linux deployment that includes: Anti-malware, Live Protection, Malicious Traffic Detection and Synchronized Security.

Sophos Server Protection Advanced is the only solution that locks down your server with a single click, securing servers in a safe state and preventing unauthorized applications from running. With that click, Sophos automatically scans the system, establishes an inventory of known-good applications, and whitelists just those applications.

Sophos XG Firewall works with your Sophos Central Server Protection, sharing information and automatically responding to threats. XG Firewall can run in-line with your current gateway appliance, or replace it.

Find out how your servers are protected. Server Protection protects servers against malware, risky file types and websites, and malicious network traffic. It also offers peripheral control, web control, and server lockdown, which lets you control the software run on your servers.

Server Lockdown prevents unauthorized software from running on servers.

To do this, Sophos makes a list of the software already installed, checks it is safe, and allows only that software to run in future.

You lock down a server at its details page.

You can use the Server Lockdown settings in a policy to change what is allowed without the need to unlock the server. For example, you might want to add and run new software.

Note: If an option is locked, global settings have been applied by your partner or Enterprise administrator.

Go to Server Protection > Policies to set up Server Lockdown.

To set up a policy, do as follows:

  • Create a Lockdown policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.

Allowed files/folders

This option lets you allow software (such as updaters) to run and modify other applications. It also lets you add new software to a locked-down server without unlocking it.

Warning: This option “trusts” the software, so that any files it creates or changes are also allowed. This is different from the process when you lock down a server, which only allows the software itself to run.

You can specify files that are allowed, or a folder in which all the files are allowed.

Tip: You can specify a folder where you always download installers for use on the server.
  1. Click Add allowed file/folder.
  2. Select the type of item to allow (file or folder).
  3. Enter the path of the file or folder.
  4. Click Save.
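
Because every file in an allowed folder is allowed to run, it is worth checking who can write to the folder before entering its path in step 3. The following PowerShell is an added example, not Sophos code: it reports Allow entries that give broad groups write access to a candidate folder. The function name, the sample path and the list of groups treated as broad are assumptions.

```powershell
# Added example: audit a folder's ACL before listing it under "Allowed files/folders".
function Test-AllowedFolderCandidate {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # Well-known SIDs, so the check does not depend on the OS display language.
    # Which groups count as "broad" is an assumption; extend it for your environment.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
    # plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000),
    # which can appear on inherit-only entries.
    $writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        $canWrite = ([int]$rule.FileSystemRights) -band $writeMask
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and $canWrite) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# 'D:\TrustedInstallers' is a hypothetical installer drop folder.
$findings = Test-AllowedFolderCandidate -Path 'D:\TrustedInstallers'
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No broad write access found on the candidate folder.' }
```

Any row in the output means a non-administrative group can place files in the folder; tighten the ACL before adding the path to the policy.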

Blocked files/folders

This lets you block software that is currently allowed to run.

You can specify files that are blocked, or a folder in which all the files are blocked.

Tip: You can block a folder used for applications, such as installers, that you want to make available to other users on the network, but don’t want to run on your server.
  1. Click Add blocked file/folder.
  2. Select the type of item to block (file or folder).
  3. Enter the path of the file or folder.
  4. Click Save.

Ensuring that your endpoint and server protection is correctly configured is one of the most important things you can do for your organization’s security.

This article will give you some quick tips and links to resources so you can get the most out of your Sophos protection.

Getting started

In Sophos Central, policies are used to apply protection settings such as specific exploit preventions, application control, and peripheral control. Policies can apply to endpoints, servers, users or groups depending on how you want to set things up. How to create a policy.

Application Control

Controls which applications should be blocked. For example, uTorrent and Steam games.
Endpoint setup | Server setup

Data Loss Prevention

Stops specific file types or content in a file from being transferred from a device. For example, stop files containing account numbers being sent from a device.
Endpoint setup | Server setup

Windows Firewall

Blocks inbound connections from specific domains or networks. For example, stopping all private networks accessing a device.
Endpoint setup | Server setup

Peripheral Control

Controls what can be plugged into a device. For example, blocking USB sticks and optical drives.
Endpoint setup | Server setup

Threat Protection

Configures protection features. We strongly suggest always using Sophos recommended settings.
Endpoint setup | Server setup

Update Management

Schedules updates to a specific time. For example, setting them after office hours.

Endpoint setup | Server setup

Web Control

Stops users downloading risky files or accessing inappropriate websites. For example, block .exe file downloads.
Endpoint setup | Server setup

File Integrity Monitoring (Server only)

Monitors important files and folders for signs of tampering. For example, critical Windows directories or key programs.
How to set one up.

Tamper Protection
Tamper protection stops unauthorized users and types of malware from uninstalling Sophos protection. You should always have it enabled. Learn more.

Do I need to log in and check for alerts?

Users often ask how often they should log in to check for alerts and actions. The good news is that Sophos Central automatically emails admins when there is an event requiring their attention. Here’s how to configure alerts.

Check your security posture with EDR

Endpoint Detection and Response (EDR) is a powerful tool to help you find threats across your network. It’s easy to get started by checking the list of the most suspicious potential threats for investigation in your organization.

We give you curated threat intelligence so you can quickly decide whether a potential threat needs taking care of. Watch the EDR how-to videos.
