What feature allows Sophos Endpoint to rollback ransomware changes?

The feature that allows Sophos Endpoint to rollback ransomware changes is CryptoGuard. This technology is specifically designed to detect unauthorized encryption of files that typically occurs during a ransomware attack. When CryptoGuard detects such activity, it intervenes by automatically rolling back the changes made by the ransomware to restore the affected files to their previous, unencrypted state. This proactive measure helps mitigate the impact of ransomware, ensuring that users’ data remains secure and recoverable.

This function is critical, as ransomware attacks can lead to significant data loss and operational disruption. By leveraging CryptoGuard, organizations can enhance their security posture against these types of threats, allowing for immediate recovery without having to resort to paying ransoms or losing essential data.

The other options presented serve different security purposes. Web Filtering is focused on blocking harmful websites but does not directly address ransomware rollback. Data Hygiene emphasizes the importance of data governance and management rather than real-time threat response. Endpoint Isolation involves restricting the flow of data from compromised systems to prevent spread but does not specifically rollback file changes.