Endpoint Protection

You install an Endpoint Protection agent on workstations to protect them against malware, risky file types and websites, and malicious network traffic.

It also offers peripheral control, web control and more.

Sophos Device Encryption is also installed automatically on Windows computers (if you have the required license).

Note

On Windows computers, we create some user groups that are used by Sophos Anti-Virus. These groups are SophosUser, SophosPowerUser and SophosAdministrator. Don't delete them.

For help with setting up your firewall or proxy to communicate between Sophos Central Admin and your managed endpoints, see Domains and ports to allow.

Download and run installers

Some options may not be available for all customers yet.

You need to download an installer and run it on computers you want to protect. You can choose from two sets of installers:

  • Full malware protection
  • XDR Sensor

Note

Endpoint installers are for Windows and macOS only. For Linux installers, look under Server Protection.

Full malware protection

  1. Go to Protect Devices.
  2. In Endpoint Protection, under Full malware protection and more, do one of the following:

    • Click Download Complete Windows Installer or Download Complete macOS Installer. This installer includes all endpoint products your license covers.

    • Click Choose Components… to choose which products will be included in the installer.

      If you select XDR Sensor, we won't install protection. You must have third-party protection installed.

      Restriction

      You can only install XDR Sensor on Macs running macOS Big Sur 11 or later.

  3. Go to the Downloads folder and run the installer.

Alternatively, click Send Installers to Users. This takes you to a page where you can add users and send them installers that they can use. You can only use this option for Windows computers.

XDR Sensor installers

XDR Sensor detects threats and sends data to the Sophos Data Lake for analysis.

XDR Sensor doesn't protect against threats. You must have third-party protection installed. You must also have a license that includes XDR.

  1. Go to Protect Devices.
  2. In Endpoint Protection, under XDR Sensor installers, click the installer for your operating system.

    Restriction

    You can only install XDR Sensor on Macs running macOS Big Sur 11 or later.

  3. Go to the Downloads folder and run the installer.

Before you install on Macs

Before you install our protection software on Macs, you need to know the following:

  • On macOS 11 Big Sur, you must move the SophosInstall.zip file to the user's Home folder.
  • On macOS 13 Ventura, you can turn off our software. We strongly recommend you don't do this as it removes your protection. To check that our software is turned on, go to Settings > General > Login items on your Mac and check that Sophos is turned on.
  • If the .zip file is automatically extracted in the Downloads folder, do as follows:

    1. Run xattr ~/Downloads/SophosInstall/Sophos\ Installer.app. This will likely display com.apple.quarantine.
    2. Run sudo xattr -r -d com.apple.quarantine ~/Downloads/SophosInstall/Sophos\ Installer.app.
    3. Run the installer normally.

    If the files are extracted in a different location, for example, in the Documents or Desktop folder, adjust the paths accordingly.
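
The quarantine steps above, wrapped as an added shell example (not Sophos code) that removes the attribute only when it is set and then confirms it is gone. The function names has_quarantine and clear_quarantine are this example's own, and the codesign signature check is an extra step that is not part of the procedure above.

```shell
#!/bin/sh
# Added example, not Sophos code. Wraps the xattr steps above with checks.
# Usage (after sourcing this file): clear_quarantine [path-to-installer.app]

QUARANTINE_ATTR="com.apple.quarantine"

# True if the bundle, or any file inside it, carries the quarantine attribute.
has_quarantine() {
    xattr -r "$1" 2>/dev/null | grep -q "$QUARANTINE_ATTR"
}

# Returns 0 = attribute absent or cleared, 1 = bundle not found,
#         2 = code signature invalid (attribute left in place),
#         3 = attribute still present after the removal attempt.
clear_quarantine() {
    # Default is the extraction path used in the steps above.
    app="${1:-$HOME/Downloads/SophosInstall/Sophos Installer.app}"
    if [ ! -d "$app" ]; then
        echo "not found: $app" >&2
        return 1
    fi
    if ! has_quarantine "$app"; then
        echo "no quarantine attribute set: $app"
        return 0
    fi
    # Extra check, not one of the page's steps: confirm the bundle's code
    # signature is intact before lifting quarantine.
    if ! codesign --verify --deep --strict "$app"; then
        echo "signature check failed, quarantine left in place: $app" >&2
        return 2
    fi
    # xattr's exit status is not relied on; the re-check below decides.
    sudo xattr -r -d "$QUARANTINE_ATTR" "$app" || true
    if has_quarantine "$app"; then
        echo "quarantine attribute still present: $app" >&2
        return 3
    fi
    echo "quarantine cleared: $app"
    return 0
}
```

If the archive was extracted somewhere other than the Downloads folder, pass the path to Sophos Installer.app as the argument.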

What happens when you protect a computer

When you protect a computer:

  • Each user who logs in is added to the users list in Sophos Central automatically.
  • Default policies are applied to each user.
  • Each computer is added to the Computers list in Sophos Central.

How we handle Windows usernames and login names

Users are listed with full login name, including the domain if available (for example, DOMAINNAME\jdoe).

If there is no domain, and a user logs in to multiple computers, multiple user entries are displayed for this user, for example MACHINE1\user1 and MACHINE2\user1. To merge these entries, delete one and assign the login to the other (and rename the user, if required). See Endpoint protection deployment methods.