Anti-virus and HIPS policy

By default, the Security VM does the following:

  • Scans files when they are accessed on the guest VMs.
  • Blocks access to infected files.
  • Cleans up detected threats automatically.

The anti-virus and HIPS policy settings don't all apply to the Security VM. This section describes which scanning options apply and can be configured centrally.

For more information about the settings, see the Sophos Enterprise Console Help.

On-access scanning

On-access scan settings are supported as detailed below. Behavior monitoring is not supported.

To open the on-access scanning settings pages in Sophos Enterprise Console:

  1. In the Policies pane, double-click Anti-virus and HIPS.
  2. Double-click the policy you want to change.
  3. In the Anti-Virus and HIPS Policy dialog, look for the On-access scanning panel. Beside Enable on-access scanning, click Configure.

    The On-access scan settings dialog is displayed.

The options on each tab are shown below.

| Scanning | Supported? | Notes |
|---|---|---|
| Check files on Read/Rename/Write | No | If one or more of the options are enabled, the Security VM scans in all three scenarios. If all three options are disabled, your system is not protected. |
| Scan for Adware and PUAs/Suspicious files | No | |
| Allow access to drives with infected boot sectors | No | |
| Scan inside archive files (not recommended) | Yes | |
| Scan system memory | No | |

| Extensions | Supported? | Notes |
|---|---|---|
| Scan all files (not recommended) | Yes | |
| Scan only executable and other vulnerable files | Yes | |
| Additional file type extensions to be scanned | Yes | |
| Scan files with no extension | Yes | |
| Exclude file types from scanning | Yes | |

| Exclusions | Supported? | Notes |
|---|---|---|
| Windows Exclusions tab | Yes | To exclude a folder, you must specify the full path, including the drive letter or network share name, for example, "C:\Tools\logs\" or "\\Server\Tools\logs\". For more information, see the Sophos Enterprise Console Help, in the section about configuring the anti-virus and HIPS policy. |
| Mac Exclusions tab | No | |
| Linux/UNIX Exclusions tab | No | |

| Cleanup | Supported? | Notes |
|---|---|---|
| Cleanup of viruses/spyware | Yes | The alternative actions to be applied if cleanup fails have no effect. The Security VM always denies access to infected items. |
| Cleanup of suspicious files | No | |

For more information about the settings and which settings to choose, see the Sophos Enterprise Console Help.

Scheduled scanning

To set up or edit a scheduled scan:

  • In the Anti-Virus and HIPS Policy dialog, look for the Scheduled scanning panel.
  • Click Add or Edit.

You can also specify additional file types to be scanned or exclude items from scanning by clicking Extensions and Exclusions.

Scheduled scan settings are supported as detailed below.

Go to Add/Edit > Scheduled scan settings.

| Scheduled scan settings | Supported? | Notes |
|---|---|---|
| Local hard disks | Yes | |
| Floppy disk and removable drives | Yes | |
| CD drives | Yes | |
| When scan occurs | Yes | The Security VM starts the scan at the scheduled time, but by default scans only two guest VMs at a time, to limit the impact on system performance. |

Go to Add/Edit > Scheduled scan settings > Configure > Scanning and cleanup settings.

| Scanning and cleanup | Supported? | Notes |
|---|---|---|
| Scanning tab | | |
| Scan files for Adware and PUAs/Suspicious files/Rootkits | No | |
| Scan inside archive files | Yes | |
| Scan system memory | No | System memory is scanned by default. You cannot configure this option. |
| Run scan at lower priority | No | |
| Cleanup tab | | |
| Cleanup of viruses/spyware | Yes | The Security VM doesn't automatically clean up floppy disk drives, CD drives or network locations. Actions for infected items if cleanup has not taken place have no effect. The Security VM will always log the event when cleanup has not taken place. |
| Cleanup of adware and PUA | No | |
| Cleanup of suspicious files | No | |

Go to Extensions and Exclusions > Scheduled scan extensions and exclusions.

| Extensions and Exclusions | Supported? | Notes |
|---|---|---|
| Extensions tab | | |
| Scan all files (not recommended) | Yes | |
| Scan only executable and other vulnerable files | Yes | |
| Additional file type extensions to be scanned | Yes | |
| Scan files with no extension | Yes | |
| Exclude file types from scanning | Yes | |
| Exclusions tabs | | |
| Windows Exclusions tab | Yes | To exclude a folder from scanning, you must specify the full path, including the drive letter or network share name, for example, "C:\Tools\logs\" or "\\Server\Tools\logs\". For more information, see the Sophos Enterprise Console Help. |
| Mac Exclusions tab | No | |
| Linux/UNIX Exclusions tab | No | |
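
A check for the folder exclusion rule stated in the Windows Exclusions rows for both on-access and scheduled scanning, as an added example that is not part of the Sophos documentation: it lints proposed entries before they are typed into the console. The function names, verdict strings and all sample entries except the two paths quoted on the page are assumptions, and only backslash-separated forms like the page's examples are recognized.

```python
import re

# Only backslash-separated forms, as in the page's two examples, are recognized.
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")                 # C:\...
SHARE_PATH = re.compile(r"^\\\\[^\\]+\\[^\\]+(\\|$)")    # \\server\share[\...]


def check_folder_exclusion(entry):
    """Return 'drive', 'share', or a 'reject: ...' reason for one entry."""
    path = entry.strip().strip('"')
    if not path:
        return "reject: empty entry"
    if DRIVE_PATH.match(path):
        return "drive"
    if SHARE_PATH.match(path):
        return "share"
    if re.match(r"^[A-Za-z]:", path):
        return "reject: drive letter not followed by a backslash"
    if path.startswith("\\\\"):
        return "reject: server name without a share name"
    return "reject: no drive letter or share name"


def lint_exclusions(entries):
    """Split proposed entries into (accepted, rejected) lists of (entry, verdict)."""
    accepted, rejected = [], []
    for entry in entries:
        verdict = check_folder_exclusion(entry)
        bucket = rejected if verdict.startswith("reject") else accepted
        bucket.append((entry, verdict))
    return accepted, rejected


# Constructed sample list; the first two entries are the examples quoted on the page.
PROPOSED = [
    "C:\\Tools\\logs\\",
    "\\\\Server\\Tools\\logs\\",
    "Tools\\logs\\",         # relative path
    "\\Tools\\logs\\",       # rooted, but no drive letter
    "C:Tools\\logs\\",       # drive-relative
    "\\\\Server\\",          # server only, no share
]

if __name__ == "__main__":
    accepted, rejected = lint_exclusions(PROPOSED)
    for entry, verdict in accepted + rejected:
        print(f"{verdict:50} {entry}")
```
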

Sophos Live Protection

Live Protection checks suspicious files against the latest malware information in the SophosLabs database.

| Option | Supported? | Notes |
|---|---|---|
| Enable Live Protection | Yes | |
| Enable Live Protection for on-demand scanning | Yes | |
| Automatically send file samples to Sophos | No | |

Web protection

Not supported.

Authorization

Authorization, as well as detection, of adware and other potentially unwanted applications (PUAs) is not supported.

Messaging

Only email messaging is supported.