Windows 7<\/strong><\/p>\n\n Windows Server 2008 R2<\/strong><\/p>\n\n Info<\/strong>: Windows Server 2008 support ends on July 31, 2020.<\/p>\n\n Sophos is offering extended support<\/strong> to customers who do not have a December 31, 2021 deadline to replace existing hardware. You will need to purchase an extra license for Sophos to give you a grace period until March 31, 2025 for the following products:<\/p>\n\n If you are interested in such an extended support, just write us via contact form<\/a>. We will be happy to provide you with an appropriate offer.<\/p>\n\n Sophos has already launched a beta program for Intercept X Enhanced Protection<\/strong> in October 2019. The goal of this program is to further drill down Intercept X and provide new functionality to combat current malware. Even in 2020, ransomware attacks are not stopping and terms like EMOTET are on everyone’s lips. Sophos therefore continues to work diligently to ensure that customers can continue to feel secure with Intercept X technology<\/strong>.<\/p>\n\n In the first version, Intercept X Enhanced Protection<\/strong> already included the two functions Anti-Malware Scanning Interface<\/strong> (AMSI) and Intrusion Prevention System<\/strong> (IPS).<\/p>\n\n In December 2019, new and very important protection mechanisms for Windows systems were added, which are now also available for Windows Server from version 2008 R2:<\/p>\n\n Since Windows 2000, Microsoft has integrated a function called EFS<\/strong> (Encrypting File System) into its operating system. Not to be confused with BitLocker, which can be used to encrypt an entire hard drive, EFS is used to encrypt specific files and folders.<\/p>\n\n Attackers have found a way to abuse this function and encrypt their victims’ data right away using the APIs of the system’s own encryption function (EFS). What is practical about the whole thing is that they do not have to reload their own malware for it. With EFS Guard<\/strong>, Intercept X can now protect against such attacks.<\/p>\n\n The inventors of new malware are increasingly using so-called “stagers”. This refers to small and innocent programs that download and execute malware in the temporary memory. As a result, they are hardly detected by traditional anti-malware applications. By analyzing the behavior of applications, dynamic shellcode protection can protect against exactly such malware. When behavior similar to that of a stager is detected, the detection immediately intervenes and stops the application.<\/p>\n\n CTF is a vulnerability in a Windows component that has been present since Windows XP. This vulnerability allows an unauthorized attacker to control any Windows process, including applications running in a sandbox. To ensure that the CTF protocol can no longer be exploited, the Sophos Threat Mitigation team has developed the CTF Guard<\/strong> feature and added it to the Threat Protection policy.<\/p>\n\n The ApiSetGuard<\/strong> function prevents applications from loading a malicious DLL masquerading as an ApiSet stub DLL. ApiSet Stub DLLs are DLLs that help a program to be compatible with newer Windows versions. Attackers can deposit malicious ApiSet stub DLLs on a system to manipulate functions. For example, the Sophos tamper protection could be overridden to terminate the Sophos client.<\/p>\n\n Those who use Sophos Central Email to scan their inbound and outbound traffic can now add a DKIM signature to their emails. To set this up, you need to go to the “Settings” of Central Email and select the “Domain Settings\/Status” menu item. If you now click on a domain that also scans outbound traffic, you will find the option to create a new DKIM key below the summary. Subsequently, a short instruction appears with all necessary information to set up the DKIM key.<\/p>\n\n Sophos Centrla Phish Threat is actually designed to train employees in a company to detect phishing emails. In the past, it was not really trustworthy when the automated training and registration emails were sent by “Sophos training@staysafe.sophos.com”<\/em>. Many an unsure employee has probably asked himself whether he should really click on the link in this e-mail. \ud83d\ude05 Sophos has now reacted to this and now offers the option to store your own domain for catch emails<\/strong>, reminder emails<\/strong> and registration emails<\/strong> that are sent to your end users.<\/p>\n\n To do this, simply go to the “Settings” of Phish Threat and select the menu item “Training notification and reminder emails”. A custom email address can now be activated and confirmed there. In my tests, however, the verification email, as well as the subsequent test email, ended up in the spam folder. By the way, these settings are applied to the Central Account and cannot be set individually per campaign.<\/p>\n\n Over the last two months, Sophos has again released a few innovations for the Central platform, which I would like to briefly summarize here. I will start this article, however, with a note about the imminent end of support for Windows 7 and Server 2008 R2. Soon end of support for Windows 7 and Windows […]<\/p>\n","protected":false},"author":4,"featured_media":21241,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-22194","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-unkategorisiert"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/comments?post=22194"}],"version-history":[{"count":0,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22194\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media\/21241"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=22194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/categories?post=22194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/tags?post=22194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
Acquire an extended support<\/h3>\n\n
\n
Sophos Intercept X Enhanced Protection (Beta) now available for servers<\/h2>\n\n
Protection against encryption file system attacks (EFS Guard)<\/h3>\n\n
![\"Protection](\"https:\/\/www.avanet.com\/assets\/sophos-central-threat-protection-vor-encrypting-file-system-angriffen-schutzen-1024x162.png\")
<\/a><\/figure>\n<\/figure>\n\nDynamic shellcode protection<\/h3>\n\n
![\"Dynamic](\"https:\/\/www.avanet.com\/assets\/sophos-central-threat-protection-dynamischer-shellcode-schutz-1024x66.png\")
<\/a><\/figure>\n<\/figure>\n\nValidate CTF Protocol Caller (CTF Guard)<\/h3>\n\n
![\"Validate](\"https:\/\/www.avanet.com\/assets\/sophos-central-threat-protection-ctf-protocol-caller-validieren-1024x65.png\")
<\/a><\/figure>\n<\/figure>\n\nPrevent side-loading of unsafe modules (ApiSetGuard)<\/h3>\n\n
![\"Prevent](\"https:\/\/www.avanet.com\/assets\/sophos-central-threat-protection-side-loading-unsicherer-module-verhindern-1024x65.png\")
<\/a><\/figure>\n<\/figure>\n\nE-mail DKIM signing<\/h2>\n\n
![\"Sophos](\"https:\/\/www.avanet.com\/assets\/sophos-central-email-gateway-domain-details-1024x489.jpg\")
<\/a><\/figure>\n<\/figure>\n\nCustomizable email address for Phish Threat Training<\/h2>\n\n
![\"Customizable](\"https:\/\/www.avanet.com\/assets\/sophos-central-phish-threat-automatisierte-e-mails-1024x489.jpg\" "\\"\\"")
<\/figure>\n","protected":false},"excerpt":{"rendered":"