Skip to content

XDR Overview

Grant permissions so that Intercept X Advanced with XDR or Intercept X Advanced for Server with XDR gives complete protection for your customers.

Your customers with Intercept X Advanced with XDR or Intercept X Advanced for Server with XDR can improve their searches for details on malicious portable executable files. To allow this, make sure that devices can continuously send data about any suspicious files to Sophos Central Admin. The data sent back gives details about the suspicious files, the network destinations they connect to, and the admin tools they attempt to run.

For each customer, you must turn on the Allow computers to send data on suspicious files, network events, and admin tool activity to Sophos Central setting in the threat protection policies in Sophos Central.

You must turn it on for both endpoint and server policies for all customers who have Intercept X Advanced with XDR or Intercept X Advanced for Server with XDR. You must also check that the setting is turned on in any additional threat protection policies your customers have created.

To turn on this setting, do as follows:

  1. Go to Settings & Policies > Global Templates.
  2. Click Endpoint Protection.

    Endpoint Protection is shown in this screenshot:

    Screenshot shows Endpoint Protection menu.

  3. Turn on Allow computers to send data on suspicious files, network events, and admin tool activity to Sophos Central

    This screenshot shows the permission turned on:

    Screenshot shows threat policy remediation settings.

  4. You must also do this in the server protection policies.

  5. Click Edit customers to assign all relevant customers to the template.

    This setting is ignored if applied to an account with no XDR license, so you can turn it on for all MSP accounts.

    This screenshot shows the Edit customers setting:

    Screenshot shows how to assign customers to templates.

Now, check the setting is turned on in any additional threat protection policies that the customer has created.