Skip to content


The Settings page is only available if you have signed in as an administrator.

You may not have all the features described here. This depends on your license.

You can temporarily change the security settings.

You might need to do this to troubleshoot. For example, you might want to turn off a feature to see if it is causing problems.

How to change settings

To change settings temporarily, do as follows.

  1. Click Admin sign-in (Windows) or Admin login (Mac) in the upper right of the page.
  2. Enter the tamper protection password (available from your Sophos Central administrator). There is now a Settings link in the menu bar.
  3. Go to the Settings page.
  4. Check the box marked Override Sophos Central Policy for up to 4 hours to troubleshoot.

    Settings page

You can now make changes on this page. The changes temporarily override the policy that you (or another administrator) have applied in Sophos Central Admin.

After four hours, the settings automatically change back to the centrally-enforced policy settings.

You can change the settings back sooner if you want to. You can’t use the slider controls to do this for individual features. Instead, turn off Override Sophos Central Policy for up to 4 hours to troubleshoot


You can turn the following features on or off.

Deep learning

This feature is only available for Windows.

Deep learning uses advanced machine learning to detect threats. It can identify malware and potentially unwanted applications without using signatures.

Real-time Scanning

Real-time scanning scans items as users attempt to access them, and denies access unless they are clean. You can select:

  • Files: This scans local files and (if this is selected in the policy) network shares.
  • Internet: This scans internet resources. It can scan downloads in progress, block access to malicious websites, and detect low-reputation websites.

Controls on Users

  • Peripheral Control lets you control access to peripherals and removable media.
  • Application Control lets you detect and block applications that are not a security threat, but that you decide are unsuitable for use in the office.
  • Web Control lets you protect against risky downloads, control the sites that users can visit, and prevent data loss.
  • Data Loss Prevention lets you monitor and restrict the transfer of files containing sensitive data.
  • Tamper Protection lets you restrict changes. If this is turned on, a local administrator needs the necessary password to change security settings or uninstall Sophos Endpoint.

Runtime Protection

Runtime protection protects against threats by detecting suspicious or malicious behavior or traffic.

  • Ransomware Detection: This protects against malware that restricts access to files, and then demands a fee to release them.
  • Malicious Behavior Detection: This detects and blocks behavior that is known to be malicious or is suspicious.

The following runtime protection features are only available for Windows:

  • Safe Browsing: This protects web browsers against exploitation by malware.
  • Exploit Mitigation: This protects the applications most prone to exploitation by malware, such as Java applications.
  • Network Threat Protection: This detects traffic between an endpoint computer and a server that indicates a possible attempt to take control of the endpoint computer. It includes packet inspection, which scans network communications, identifying and blocking threats before they can harm the operating system or applications.


    If you turn off Network Threat Protection, the features that isolate devices or configure them to reject network connections are also turned off.

Computer controls

This feature is only available for Windows.

You can monitor Windows Firewall (and other registered firewalls) on the computer or server.

Back to top