Server: Threat Protection

Threat protection keeps you safe from malware, risky file types and websites, and malicious network traffic.

Restriction: Some options are only for Windows servers. The columns on the right of the page show you which server type each option is for.

SophosLabs can independently control which files are scanned. They may add or remove scanning of certain file types in order to provide the best protection.

You can either use the recommended settings or change them.

Intercept X Advanced for Server

If you have this license, your threat protection policy offers protection from ransomware and exploits, signature-free threat detection, and root cause analysis of threat events.

We recommend that you use these settings for maximum protection.

If you enable any of these features, servers assigned to this policy will use an Intercept X Advanced for Server license.

Server Protection default settings

We recommend that you leave these settings turned on. These provide the best protection you can have without complex configuration.

These settings offer:

  • Detection of known malware.
  • In-the-cloud checks to enable detection of the latest malware known to Sophos.
  • Proactive detection of malware that has not been seen before.
  • Automatic cleanup of malware.
  • Automatic exclusion of activity by known applications from scanning.

Scheduled Scanning

Scheduled scanning performs a scan at a time or times that you specify.

You can select these options:

  • Enable scheduled scan: This lets you define a time and one or more days when scanning should be performed.
    Note: The scheduled scan time is the time on the endpoint computers (not a UTC time).
  • Enable deep scanning: If you select this option, archives are scanned during scheduled scans. This may increase the system load and make scanning significantly slower.


You can exclude files, folders, websites or applications from scanning for threats, as described below.

We'll still check excluded items for exploits. However, you can stop checking for an exploit that has already been detected (use a Detected Exploits exclusion).

Exclusions set in a policy are only used for the users the policy applies to.

Note: If you want to apply exclusions to all your users and servers, set up global exclusions on the Global Settings > Global Exclusions page.

To create a policy scanning exclusion:

  1. Click Add Exclusion (on the right of the page).

    The Add Exclusion dialog is displayed.

  2. In the Exclusion Type drop-down list, select a type of item to exclude (file or folder, website, potentially unwanted application, or device isolation).
  3. Specify the item or items you want to exclude.
  4. For File or folder exclusions only, in the Active for drop-down list, specify if the exclusion should be valid for real-time scanning, for scheduled scanning, or for both.
  5. Click Add or Add Another. The exclusion is added to the scanning exclusions list.

To edit an exclusion later, click its name in the exclusions list, enter new settings, and click Update.

Desktop Messaging

You can add a message to the end of the standard notification. If you leave the message box empty, only the standard message is shown.

Enable Desktop Messaging for Threat Protection is on by default. If you switch it off, you will not see any notification messages related to Threat Protection.

Enter the text you want to add.