Sophos Intercept X

Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by ransomware.



Sophos Intercept X Advanced with EDR

Intercept X Advanced
Intercept X Advanced with XDR
Intercept X Advanced with MTR

Sophos Intercept X is the world’s best endpoint protection. It stops the latest cybersecurity threats with a combination of deep learning AI, anti-ransomware capabilities, exploit prevention and other techniques.

Sophos Intercept X employs a comprehensive, defense-in-depth approach to endpoint protection, rather than relying on one primary security technique. This layered approach combines modern and traditional techniques to stop the widest range of threats.

Stop Unknown Threats

Deep learning AI in Intercept X excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.

Block Ransomware

Intercept X includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.

Prevent Exploits

Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain, Intercept X keeps your organization secure against file-less attacks and zero-day exploits.

Layered Defenses

In addition to powerful modern functionality, Intercept X also utilizes proven traditional techniques. Example features include application lockdown, web control, data loss prevention and signature-based malware detection. This combination of modern and traditional techniques reduces the attack surface and provides the best defense in depth.

Synchronized Security

Sophos solutions work better together. For example, Intercept X and Sophos Firewall will share data to automatically isolate compromised devices while cleanup is performed, then return network access when the threat is neutralized. All without the need for admin intervention.

Intercept X uses multiple layers of technology, allowing you to create your own tailored next-generation endpoint security solution.


  • Stops never-seen-before threats with deep learning AI
  • Blocks ransomware and rolls back affected files to a safe state
  • Prevents the exploit techniques used throughout the attack chain
  • Answers critical IT operations and threat hunting questions with EDR
  • Provides 24/7/365 security delivered as a fully managed service
  • Sees and leverages firewall, email and other data sources* with XDR
  • Easy to deploy, configure and maintain even in remote working environments

*Cloud Optix and Sophos Mobile coming soon

Endpoint Detection and Response (EDR)

Designed for IT admins and cybersecurity specialists, Sophos EDR answers critical IT operations and threat hunting questions. For example, identify devices with performance issues or suspicious processes trying to connect on non-standard ports, then remotely access the device to take remedial actions.

Managed Threat Response (MTR)

A 24/7/365 threat hunting, detection and response service that’s delivered by a team of Sophos experts. Sophos analysts respond to potential threats, look for indicators of compromise and provide detailed analysis on events including what happened, where, when, how and why.

Extended Detection and Response (XDR)

Go beyond endpoints and servers, pulling in firewall, email and other data sources*.

You get a holistic view of your organization’s cybersecurity posture with the ability to drill down into granular detail. For example, understand office network issues and what application is causing them.

*Sophos Cloud Optix and Sophos Mobile XDR integration coming soon


Technical Specifications

Intercept X supports Windows 7 and above, 32- and 64-bit. It can run alongside Sophos Endpoint Protection Standard or Advanced, when managed by Sophos Central. It can also run alongside third-party endpoint and antivirus products to add anti-exploit, anti-ransomware, and root cause analysis.

Features | Intercept X Advanced | Intercept X Advanced with XDR | Intercept X with MTR Standard | Intercept X with MTR Advanced
Web Security
Download Reputation
Web Control / Category-based URL Blocking
Peripheral Control
Application Control
Deep Learning Malware Detection
Anti-Malware File Scanning
Live Protection
Pre-execution Behavior Analysis (HIPS)
Potentially Unwanted Application (PUA) Blocking
Intrusion Prevention System
Data Loss Prevention
Runtime Behavior Analysis (HIPS)
Antimalware Scan Interface (AMSI)
Malicious Traffic Detection (MTD)
Exploit Prevention
Active Adversary Mitigations
Ransomware File Protection (CryptoGuard)
Disk and Boot Record Protection (WipeGuard)
Man-in-the-Browser Protection (Safe Browsing)
Enhanced Application Lockdown  
Live Discover (Cross Estate SQL Querying for Threat Hunting & IT Security Operations Hygiene)
SQL Query Library (pre-written, fully customizable queries)
Suspicious Events Detection and Prioritization
Fast Access, On-disk Data Storage (up to 90 days)
Cross-product Data Sources e.g. Firewall, Email (Sophos XDR)
Cross-product Querying (Sophos XDR)
Sophos Data Lake Cloud Storage 30 days 30 days 30 days
Scheduled Queries
Threat Cases (Root Cause Analysis)
Deep Learning Malware Analysis
Advanced On-demand SophosLabs Threat Intelligence
Forensic Data Export
Automated Malware Removal
Synchronized Security Heartbeat
Sophos Clean
Live Response (remotely investigate and take action)
On-demand Endpoint Isolation
Single-click “Clean and Block”
24/7 Lead-driven Threat Hunting
Security Health Checks
Data Retention
Activity Reporting
Adversarial Detections
Threat Neutralization & Remediation
24/7 Lead-less Threat Hunting
Threat Response Team Lead
Direct Call-in Support
Proactive Security Posture Management


We've assembled some product videos to give you basic information on Intercept X.

Introducing Sophos Intercept X

With Intercept X, Sophos is redefining what customers should expect from next-generation endpoint security products. No other vendor offers signatureless exploit prevention, ransomware detection, visual root-cause analysis, and advanced cleanup technology.

Technical Demo: Sophos Intercept X

Intercept X is a next-generation endpoint detection and response platform designed to stop ransomware and zero-day exploits and to provide detailed threat intelligence.

Intercept X vs. Petya/Petna/PetrWrap Ransomware

This short video showcases the signatureless protection capabilities of Intercept X. The Petya/Petna/PetrWrap outbreak that made headlines on June 27th, 2017, not only attempted to encrypt documents, it also infected the master boot record to encrypt the master file table and prevent users from using their machines.

Root Cause Analysis RCA in 2 Minutes | Intercept X

The RCA feature found in Intercept X helps administrators quickly identify all attributes of an attack from beginning to end.

