You install an Endpoint Protection agent on workstations to protect them against malware, risky file types and websites, and malicious network traffic.
It also offers peripheral control, web control and more.
Sophos Device Encryption is also installed automatically on Windows computers (if you have the required license).
On Windows computers, we create some user groups that are used by Sophos Anti-Virus to do certain operations. These groups are SophosUser, SophosPowerUser and Sophos Administrator. Don't delete these groups.
For help with setting up your firewall or proxy to communicate between Sophos Central Admin and your managed endpoints, see Domains and ports to allow.
Download and run installers
Go to Protect Devices.
Download the installer for your operating system and run it on computers you want to protect.
Download Complete Windows Installer: Click this for an installer with all endpoint products your license covers.
Alternatively, click Choose Components… to choose which products will be included in the installer. The choices are:
- Sophos Intercept X Advanced (protection from ransomware and exploits).
- Device Encryption.
Download Complete macOS Installer: Click this for an installer with all endpoint products your license covers.
Alternatively, click Choose Components… to choose which products will be included in the installer. The choices are as for Windows above.
Send Installers to Users: Click this to go to a page where you can add users and send them installers that they can use.
On macOS 11 Big Sur you must move the
SophosInstall folder to the user's
For Linux, look for "Server Protection". Sophos Central treats all Linux computers as servers.
What happens when you protect a computer
When you protect a computer:
- Each user who logs in is added to the users list in Sophos Central automatically.
- Default policies are applied to each user.
- Each computer is added to the Computers list in Sophos Central.
How we handle Windows usernames and login names
Users are listed with full login name, including the domain if available (for example,
If there is no domain, and a user logs in to multiple computers, multiple user entries are displayed for this user, for example
MACHINE2\user1. To merge these entries, delete one and assign the login to the other (and rename the user, if required). See Endpoint protection deployment methods.