Sophos Intercept X

Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by ransomware.

Free Trial  Get a Quote
Sophos Intercept X
image description


We have good news, and bad news...

Next-Generation Anti-Exploit, Anti-Ransomware, and Root Cause Analysis Intercept X adds next-generation signatureless technologies on top of your current endpoint security to give you complete, layered protection.


  • Anti-exploit zero-day defense
  • Anti-ransomware CryptoGuard technology
  • Root cause analysis
  • Lingering malware removal with Sophos Clean
  • Augments your existing antivirus investment

Build Your Next-Gen Endpoint Protection

The days of straightforward file scanning are long gone. Your endpoint security goal is now to prevent threats from reaching your devices, stop them before they run, detect them if they have bypassed preventative methods, and not just clean up malware, but analyze and undo everything it does to your endpoints.

Protect Vulnerable Software

Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, thus protecting your endpoints from unknown threats and zero-day vulnerabilities.

Effective Ransomware Detection

CryptoGuard technology detects spontaneous malicious data encryption to stop ransomware in its tracks. Even if trusted files or processes are abused or hijacked, CryptoGuard will stop and revert them without any interaction from users or IT support personnel. CryptoGuard works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.

Root Cause Analysis

Identifying malware and isolating and removing it solves the immediate problem. But do you really know what the malware did before it was removed, or how it was introduced in the first place? Root cause analysis shows you all the events that led up to a detection. You’ll be able to understand what files, processes, and registry keys were touched by the malware and activate your advanced system clean to rewind time.

Add Next-Gen Protection to Your Traditional Security

Intercept X compliments existing anti-malware and antivirus implementations delivering powerful next-gen anti-exploit and anti-ransomware protection traditional products lack. By eliminating the attack vectors which traditional solutions don’t block, Sophos Intercept X helps to harden your security posture and increase resilience.

Simplify Management and Deployment

Managing your security from Sophos Central means you no longer have to install or deploy servers to secure your endpoints. Sophos Central provides default policies and recommended configurations to ensure that you get the most effective protection from day one.

Stop Ransomware Before It Takes Your Files Hostage

Ransomware like Cryptolocker is the number one malware attack affecting organizations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to business productivity.

Intercept X uses multiple layers of technology, allowing you to create your own tailored next-generation endpoint security solution.

Technical Specifications

Intercept X supports Windows 7 and above, 32 and 64 bit. It can run alongside Sophos Endpoint Protection Standard or Advanced, when managed by Sophos Central. It can also run alongside third party Endpoint and antivirus products to add anti-exploit, anti-ransomware, and root cause analysis.


Intercept X

Sophos XG Series firewalls come pre-loaded with the Sophos Firewall OS to provide optimal performance to meet today’s network security requirements.

Before It Reaches Device
Web Security  
Download Reputation  
Web Control / Category-based URL Blocking  
Device Control (e.g., USB)  
Application Control  
Browser Exploit Prevention
Before It Runs on Device
Anti-Malware File Scanning  
Live Protection  
Pre-execution Behavior Analysis / HIPS  
Potentially Unwanted Application (PUA) Blocking  
Exploit Prevention
Stop Running Threat
Runtime Behavior Analysis / HIPS  
Malicious Traffic Detection (MTD)
CryptoGuard Ransomware Protection
Investigate and Remove
Automated Malware Removal
Synchronized Security Heartbeat
Root Cause Analysis
Sophos Clean

Existing Sophos Endpoint Protection customers using Enterprise Console or UTM to manage their endpoints must switch their endpoints to be managed by Sophos Central. See for more info.


We've assembled some product videos to give you basic information on Intercept X.

Introducing Sophos Intercept X

With Intercept X, Sophos is redefining what customers should expect from next-generation endpoint security products. No other vendor offers signatureless exploit prevention, ransomware detection, visual root-cause analysis, and advanced cleanup technology.

Technical Demo: Sophos Intercept X

Intercept X is a next-generation endpoint detection and response platform designed to stop ransomware, zero-day exploits, and provide detailed threat intelligence.

Intercept X vs. Petya/Petna/PetrWrap Ransomware

This short video showcases the signatureless protection capabilities of Intercept X. The Petya/Petna/PetrWrap outbreak that made headlines on June 27th, 2017 not only attempted to encrypt documents, it also infected the master boot record to encrypt the master file table and prevent users from using their machines.

Root Cause Analysis RCA in 2 Minutes | Intercept X

The RCA feature found in Intercept X helps administrators quickly identify all attributes of an attack from beginning to end.


Intercept X Datasheets, Guides etc.

Need help? Call our Sophos techical experts

Email any time or call  877.386.3763 (call answer guarantee, 8am - 5pm MDT, M-F)

  • Sophos Silver Partner