SonicWall Capture Client is a unified client platform that delivers multiple Endpoint Detection & Response (EDR) capabilities, including behavior-based malware protection, advanced threat hunting and visibility into application vulnerabilities.

Modern Endpoint Protection

Modern endpoint protection is designed to provide security against the latest threats no matter where the endpoint sits.

Capture Client’s integration with the Capture Security Center creates a single pane of glass across network and endpoint security operations for centralized control of attack visualization, rollback and remediation, network control and remote shell troubleshooting abilities.

What Administrators Need to Look for When Buying an Endpoint Security Solution

As mass telecommuting continues, administrators need to deliver consistent protection for endpoints, anywhere. SonicWall’s boundless protection can help. This brief helps walk security administrators through evaluating endpoint solutions with real-world requirements in mind. Read through the brief for solutions to common challenges (from keeping security products up to date to managing licenses and everywhere in between).

Get The Brief

Why Choose Capture Client?

The SonicWall Capture Client offers best of breed, next-gen antivirus protection with built-in autonomous EDR. Not only does Capture Client excel in offering effective threat protection, the synergy with the SonicWall platform allows for increased visibility and protection both on and off network. Ensure your security is boundless with Capture Client’s protection and centralized management.

Stop Attacks before execution

Protects against ransomware, known and unknown malware, memory exploits, and more

Visibility into Application Vulnerabilities

See what applications are vulnerable, their severity and why

Easy Management

Easy-to-use, cloud-based controls for troubleshooting, remediation, license management, and more

Remediate & Rollback

Restore any data affected by an attack with unique Windows one-click rollback capabilities

Manage Multiple Tenants with Ease

The Global Dashboard gives MSSPs a snapshot into the health of their tenants within a global view through the addition of more data. Administrators can see the health of each tenant by:

  • The number of infections
  • Vulnerabilities present
  • The version of Capture Client installed
  • What and who is being blocked the most by content filtering

This dashboard can also tell you which devices are online and operating.

“The improvements made to the Capture Client 3.5 management console allow me to effectively configure, install, and manage our deployment across 5,000 sites and 60,000 endpoints. There are a number of improvements both functional and cosmetic that deliver a more friendly experience. It streamlines my onboarding process and better overall visibility into what is happening at my customer sites.”

Tony Kingma, Senior IT Manager, Epicor Software

Video Library

Capture ATP Integration

Advanced Capture Client integrates with SonicWall Capture Advanced Threat Protection (ATP) to take advantage of its ability to manipulate and test files in ways that endpoints can’t. Discovering, quarantining, and removing undercover threats before they execute saves time for end users and administrators.


The SonicWall Capture Client platform is available in the form of two packages as shown in the table below:

Feature Capture Client – Advanced Capture Client – Premier
Integration with CSC for Single Pane of Glass, Integrated Reporting and Role-based Access Control
Firewall Enforcement
DPI-SSL Cert Manager
Next-generation AV powered by SentinelOne
Whitelisting of known good applications
Windows server support
Application Vulnerability Intelligence
Attack Visualization
Content Filtering
Next-Generation AV powered by SentinelOne with Rollback
Capture Advanced Threat Protection (ATP) integration to automatically test suspicious files
Capture ATP file verdict lookup
Device Control
Network Control
Remote Shell
Deep Visibility Threat Hunting