2023/2024 Service Definition

Anti-Virus and Threat Protection Service (Sophos Central)

About the Service

The Anti-Virus and Threat Protection Service (Sophos Central) provides schools with licences for a comprehensive suite of technologies to protect your school's devices from a wide variety of threats. Sophos Central is a cloud-hosted security suite that provides schools access to modern security tools and protection.

This service includes licencing for the following features:

  • Threat Protection (Anti-Virus) – Detection and automatic removal of ransomware, viruses and malware.
  • Application Control – Block, allow or monitor Applications by category or name.
  • Device Control – Block, allow or monitor removable media and peripherals such as USB sticks, Bluetooth or DVDs.
  • Data Loss Prevention – Block, allow or monitor the transfer of confidential information from your ICT systems.
  • Server Lockdown – Prevents unauthorised software from being installed on servers.

We will configure your school's service with the Threat Protection (Anti-Virus) configuration, you can then either use "as is" or customise to your school's needs by adding the other features.

What are the benefits?

  • Sophos Central can quickly detect and disinfect a wide range of threats.
  • Your subscription will allow you to install the Sophos Central Intercept X Advanced or Sophos Central Intercept X Advanced for Server endpoint protection on each compatible device in your school.
  • By protecting your ICT systems and data, you are helping to ensure your compliance with data protection requirements.
  • Each school has access to their own Sophos Central Dashboard.
  • Email alerting to schools in the case of outstanding events.
  • Comprehensive reporting capability.
  • The option to further secure devices by controlling the applications they run or the peripherals that connect to them.

What's Included?

Service Features

Feature Description
Sophos Central InterceptX Advanced Licences

Licences included within our 2023/24 subscription are:

  • Sophos Central InterceptX Advanced (CIXA)
  • Sophos Central InterceptX Advanced for Server (SVRCIXA)

Sophos Central Endpoint Protection provides comprehensive protection for PCs, servers and devices against:

  • Malware
  • Ransomware
  • Exploits
  • Viruses

Once installed on the device, the service continuously monitors and protects and will detect and remove known threats.

Anti-Virus Configuration

Sophos Central Endpoint Protection will provide automated detection and disinfection of viruses and malware on all Sophos protected PCs, devices and servers. 

Where automated disinfection cannot complete, manual intervention will be needed. Your school Sophos administrators will receive a notification email to warn them intervention may be needed.

Preconfigured Threat Protection (Anti-Virus) default policy settings will ensure (policy settings can be used "as is" or modified as required):

  • Recommended Sophos Anti-Virus settings are in place.
  • Appropriate exceptions have been applied for Windows Server, RBUSS and SIMS to allow their error free operation.
  • Daily virus scans are applied to help further protect your PCs.
Local Administration (Sophos Central Dashboard)
  • Schools have full access to their Sophos Central administration dashboard for control of Endpoints managed by Sophos Central, allowing devices to receive updates within a few minutes following their release.
  • Access to the dashboard is secured with Multi-Factor Authentication (MFA).

Installation instructions for PCs, servers and devices are available from the Support pages on our website. These include guides and videos.

Information provided by Sophos is here:

The following additional features are also included in your annual subscription on a licence only basis. Schools may choose to enable these extra features themselves, if required:

Feature Description
Device Control
(Licence only)

Block, allow or monitor removable media such as:

  • USB sticks
  • Bluetooth devices
  • DVDs
Application control
(Licence Only)
  • The Application Control feature allows you to control which applications can be used on your computers. Preventing the installation or execution of applications that present a security risk on your servers or PCs can help protect your network. 
  • Application control can restrict access to applications such as hacking software, games and peer-to-peer file sharing utilities.
  • It uses a category-based selection method and can be used to block categories such as "VPN software", "games " and "browser plugins".

Data Loss Protection (DLP) (Licence only)


  • Data Loss Prevention (DLP) mitigates the potential for data loss.
  • Monitor and restrict the transfer of files containing sensitive data. For example, you can prevent a user sending a file containing specific sensitive data using web-based email.

Server Lockdown

The Server Lockdown feature helps protect your server from malware and unexpected changes to software. When enabled, it prevents new software from being installed whilst allowing authorised upgrades and patches to be performed.

This feature will be enabled by default on school servers managed under either of these two services:

  • Technical Support for Curriculum Networks
  • SIMS Software and Administration Systems Support (Managed SIMS)