Skip to content

Sophos Endpoint Agent Application User Interface๐Ÿ”—

The Sophos Endpoint Agent app user interface helps you keep your computer secure. You can check the security status, scan for threats, and review recent security events. The features available depend on your version of Sophos Agent.

Note

The Sophos Endpoint Agent application user interface is available for Windows and macOS only.

Accessing the Application UI๐Ÿ”—

Double-click the Sophos icon in the system tray to open the app UI. If you do not see the icon, search for Sophos in the Windows Start menu to start the application.

Sophos Agent User Interface

Click the Sophos icon on the menu bar, and click the Open Endpoint Self Help option that shows to open the app UI. Alternatively, search for Sophos using Spotlight.

Sophos Agent for macOS App User Interface

Status Page๐Ÿ”—

The Status page gives you an overview of your computerโ€™s security.

What You Can Do๐Ÿ”—

  • See the computerโ€™s security status.
  • Scan the computer for threats.
  • View installed features and their security status.
  • Use the About link in the lower right to update or troubleshoot Sophos Agent.

Security Status Icons๐Ÿ”—

An icon in the upper left shows the current security status.

Icon Status Description
Green No alerts, or only low-priority alerts
Red High-priority alerts
Yellow Medium-priority alerts
Gray Status is unknown

Features Installed๐Ÿ”—

All installed features display their security status. Features depend on your agent version and may include:

  • Malware and PUA Protection
  • Data Protection (Windows) or Device Encryption (Mac)
  • Zero Trust Network Access

Note

Data Protection refers to encryption with BitLocker.

Status Tab

Scanning the Computer๐Ÿ”—

You can scan your computer for threats from the Status or Detections page.

How to Scan๐Ÿ”—

  1. Go to the Status or Detections page.
  2. Select Scan next to the malware and PUA status.

  3. Choose Quick scan or Full scan.

    Feature Description
    Quick Scan - Checks memory, Master Boot Record (MBR), running processes, and files that run at startup
    - Provides rapid results
    Full Scan - Scans all files, folders, memory, and the MBR
    - Takes longer than a quick scan

Viewing Scan Results๐Ÿ”—

  • The Detections page shows scanning progress and results.
  • If threats are detected, go to the Events page for details.

Scan a File๐Ÿ”—

You can select a single file or multiple files and start a scan from the right-click menu. For instructions, click the tab for your operating system.

  1. In Explorer, right-click the file.
  2. Select Scan.
  3. Check scanning progress and results on the Detections page.
  1. In Finder right-click the file or files and select Scan with Sophos Endpoint.
  2. A Finder Item Scan dialog opens and shows you scanning progress and results.

If you don't see Scan with Sophos Endpoint when you right-click, you need to add it as a service.

Add the Scan Service๐Ÿ”—

  1. Open Sophos Endpoint and click Services > Services Settings.

Services Settings

Alternatively, on the Mac go to System Settings > Keyboard > Keyboard Shortcuts > Services.

  1. In Services, click Files and Folders, and select Scan with Sophos Endpoint.

Select Scanning Service

  1. Click Done.

Events Page๐Ÿ”—

The Events page shows all security events on your computer. You can filter, search, and review event details.

Event List๐Ÿ”—

Each event displays:

  • Severity โ€” The icon shows if the event is high priority, medium priority, or a notification.
  • Source โ€” The icon indicates which Sophos feature reported the event.
  • Date and Time โ€” When the event occurred.
  • Description โ€” What happened.
  • Action Link โ€” If youโ€™re signed in as an administrator and action is required.

To view details, select the arrow to the right of the event.

Events Tab

Event Filters๐Ÿ”—

Filter events by:

  • Priority โ€” High, medium, or notification.
  • Resolution โ€” Show unresolved or all events.
  • Source โ€” Filter by the reporting Sophos feature.
  • Detection Type โ€” Filter by type of threat or item (options depend on your operating system).

Event Filters

Detections Page๐Ÿ”—

The Detections page shows all threats detected on your computer.

What You Can Do๐Ÿ”—

  • Check whether there are any threats to address.
  • See detection history for malware and PUAs.
  • Select Scan to run a new scan.

If no malware or PUAs are outstanding, all threats have been cleaned up.

Detection Tab

Detection History๐Ÿ”—

  • See statistics for each type of threat.
  • Select a threat type to view related events on the Events page.

Detection History

Detection Types๐Ÿ”—

Sophos Agent detects several types of threats and unwanted items.

Detection Type Description
Malware and PUAs Malware includes viruses, worms, Trojans, and spyware. PUAs (Potentially Unwanted Applications) are programs that arenโ€™t malicious but are unsuitable for most business networks.
Web Threats Malicious or uncategorized websites, and risky downloads. Includes sites unsuitable for business, such as adult content or social media.
Malicious Behavior Suspicious behavior in running software. (Windows only.)
Ransomware Malware that blocks access to files until a ransom is paid.
Controlled Items Applications, peripherals, removable media, risky downloads, inappropriate websites, and files with sensitive information.
Malicious Traffic Network traffic that may indicate attempts to take control of the computer.
Exploits Application hijacks and attacks on vulnerabilities in browsers, plugins, Java, media, and Microsoft Office. (Windows only.)

Settings Page๐Ÿ”—

The Settings page is available when you sign in as an administrator.

How to Access Settings๐Ÿ”—

  1. Select Admin sign-in (Windows) or Admin login (Mac) in the upper right.
  2. Enter the tamper protection password from your Sophos Central administrator.
  3. The Settings tab appears in the menu bar.

Note

Not all features are available on all licenses.

Overriding Policy๐Ÿ”—

You can temporarily override the Sophos Central policy for up to four hours for troubleshooting.

  1. On the Settings page, check Override Sophos Central Policy for up to four hours to troubleshoot.
  2. Make the necessary changes.
  3. After four hours, settings revert automatically. To revert sooner, clear the override check box.

You canโ€™t use sliders to revert individual features early. Use the override check box.

Override Policy

Security Features๐Ÿ”—

You can turn the following features on or off, depending on your license and operating system.

Deep Learning๐Ÿ”—

Uses advanced machine learning to detect threats without relying on signatures.

Real-Time Scanning๐Ÿ”—

Scans items as users attempt to access them.

  • Files โ€” Scans local files and network shares (if enabled).
  • Internet โ€” Scans downloads, blocks malicious sites, and detects low-reputation sites.

Controls on Users๐Ÿ”—

  • Peripheral Control โ€” Manage access to peripherals and removable media.
  • Application Control โ€” Detect and block applications unsuitable for business use.
  • Web Control โ€” Block risky downloads and websites, and prevent data loss.
  • Data Loss Prevention โ€” Monitor and restrict the transfer of sensitive data.

Tamper Protection๐Ÿ”—

Restricts changes to security settings or uninstalling Sophos Agent. Requires the tamper protection password.

Runtime Protection๐Ÿ”—

Protects against threats by detecting suspicious or malicious behavior or traffic.

  • Ransomware Detection โ€” Blocks malware that restricts file access for ransom.

  • Malicious Behavior Detection โ€” Blocks known and suspicious malicious behavior.

  • Safe Browsing โ€” Protects browsers from exploitation.

  • Exploit Mitigation โ€” Protects applications prone to malware exploitation.
  • Network Threat Protection โ€” Detects and blocks network threats. Includes packet inspection.

Note

Turning off Network Threat Protection also disables features that isolate devices or block network connections.

Computer Controls๐Ÿ”—

Monitor the Windows Firewall and other registered firewalls.