Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=application-lockdown-events

Deal with application lockdown events

The application lockdown feature stops attacks that abuse legitimate features in commonly-used applications to perform an attack or launch malware.

When an application under lockdown does something prohibited, such as installing other software or changing system settings, these steps are taken:

  • Intercept X automatically closes the application.
  • The user is notified.
  • A threat graph is generated.

What you should do

You should do as follows:

  • Use the threat graph to identify the file or activity that is the cause of the attack.
  • Confirm that no other action is required.