Exploit prevention policy

Note: This feature is not included with all licenses. If you want to use it, you might need to change your license.

Exploit prevention lets you:

  • Protect document files from ransomware (CryptoGuard).
  • Protect against attacks on the boot sector (WipeGuard).
    Warning: This functionality is not currently available for servers.
  • Protect critical functions in web browsers (Safe Browsing).
  • Mitigate exploits. This protects the applications most vulnerable to exploitation by malware, such as Java applications.
  • Protect against process hollowing attacks.
  • Protect against loading .DLL files from untrusted folders.
  • Protect against processor branch tracing.

By default, exploit prevention and all exploit prevention options are turned on.

Warning: If you upgrade your license to include Exploit Prevention, it is not automatically installed on the computers you already manage. You need to reprotect the computers to install it.

You can exclude applications from exploit prevention. Note that they will still be protected by CryptoGuard and Safe Browsing.

For more information about the recommended settings for exploit prevention, see the Sophos Enterprise Console policy setup guide.

If you use role-based administration:

  • You must have the Policy setting - exploit prevention right to configure an exploit prevention policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

HitmanPro.Alert and policy updates

HitmanPro.Alert detects applications on endpoints that need protection and reports each detected application to the Sophos Enterprise Console server. The server collates the applications that require protection and, every 120 minutes, merges the new application data into the policy. The server then distributes the updated policy to the endpoints and provides the list of applications to be protected.