Enable Malicious Traffic Detection
Sophos Enterprise Console 5.3.0 introduced support for Malicious Traffic Detection, which detects communications between endpoint computers and command and control servers involved in botnet or other malware attacks. If you upgraded from a version earlier than 5.3.0, or haven’t enabled this feature before, you need to enable it after the upgrade to benefit from it.
Note Malicious traffic detection is currently supported only on Windows 7 and later
non-server operating systems and is first available in Sophos Endpoint Security and Control 10.6.0.