Skip to content

Endpoint Protection

You install an Endpoint Protection agent on workstations to protect them against malware, risky file types and websites, and malicious network traffic.

It also offers peripheral control, web control and more.

Sophos Device Encryption is also installed automatically on Windows computers (if you have the required license).


On Windows computers, we create some user groups that are used by Sophos Anti-Virus. These groups are SophosUser, SophosPowerUser and Sophos Administrator. Don't delete them.

For help with setting up your firewall or proxy to communicate between Sophos Central Admin and your managed endpoints, see Domains and ports to allow.

Download and run installers

Some options may not be available for all customers yet.

You need to download an installer and run it on computers you want to protect. You can choose from two sets of installers:

  • Full malware protection
  • XDR Sensor


Endpoint installers are for Windows and macOS only. For Linux installers, look under Server Protection.

Full malware protection

  1. Go to Devices > Installers.
  2. In Endpoint Protection, under Full malware protection and more, do one of the following:

    • Click Download Complete Windows Installer or Download Complete macOS Installer. This installer includes all endpoint products your license covers.

    • Click Choose Components… to choose which products will be included in the installer.

      If you select XDR Sensor, we won't install protection. You must have third-party protection installed.

  3. Go to the Downloads folder and run the installer.

Alternatively, click Send Installers to Users. This takes you to a page where you can add users and send them installers that they can use. You can only use this option for Windows computers.

XDR Sensor installers

XDR Sensor detects threats and sends data to the Sophos Data Lake for analysis.

XDR Sensor doesn't protect against threats. You must have third-party protection installed. You must also have a licence that includes XDR.

  1. Go to Devices > Installers.
  2. In Endpoint Protection, under XDR Sensor installers, click the installer for your operating system.
  3. Go to the Downloads folder and run the installer.

Before you install on macOS

Find out what you need to know before you install our protection software on macOS.

  • You must move the file to a location that's not in the user’s Documents, Desktop, or Downloads folders. We recommend the user's home folder.
  • After the .zip file is extracted, check if the Apple quarantine flag is set correctly. Do as follows:

    1. Run xattr ~/SophosInstall/Sophos\ This command will likely display
    2. If the attribute is present, run sudo xattr -r -d ~/SophosInstall/Sophos\
    3. Run the installer normally.

    If the files are extracted in a different location, adjust the paths accordingly.


    You can use ~ as a shortcut for the user's home folder instead of /Users/username.

What happens when you protect a computer

When you protect a computer:

  • Each user who logs in is added to the users list in Sophos Central automatically.
  • Default policies are applied to each user.
  • Each computer is added to the Computers list in Sophos Central.

How we handle Windows usernames and login names

Users are listed with full login name, including the domain if available (for example, DOMAINNAME\jdoe).

If there is no domain, and a user logs in to multiple computers, multiple user entries are displayed for this user, for example MACHINE1\user1 and MACHINE2\user1. To merge these entries, delete one and assign the login to the other (and rename the user, if required). See Endpoint protection deployment methods.