Skip to content

Output configuration

You can output the device's configuration from the command line. This lets other applications check security settings easily, rather than using methods like accessing the registry.

You can only output a pre-defined list of Sophos Central policy settings that the device uses.

You use the command-line tool sophosinterceptxcli.exe. This tool is available in the following location: C:/Program Files/Sophos/Endpoint Defense.

Sign in as an administrator. If you don't, the tool can't access the configuration data.

Query configuration

To output configuration, use the query command with the configuration subcommand and, optionally, the setting you want.

query configuration [policy setting] [--name] [--json]

Policy settings

Currently only one policy setting can be output.

Policy option Description
on_access_scan_enabled Enable real-time scanning


Parameter Description
--json Outputs the configuration in JSON format.
--name Outputs the named policy option only.

--name might be useful in future when the query can output multiple options.