Anti-virus and HIPS policy

By default, the Security VM does the following:

  • Scans files when they are accessed on the guest VMs.
  • Blocks access to infected files.
  • Cleans up detected threats automatically.

The anti-virus and HIPS policy settings don't all apply to the Security VM. This section describes which scanning options apply and can be configured centrally.

For more information about the settings, see the Sophos Enterprise Console help.

On-access scanning

On-access scan settings are supported as detailed below. Behavior monitoring is not supported.

To open the on-access scanning settings pages in Sophos Enterprise Console:

  1. In the Policies pane, double-click Anti-virus and HIPS.
  2. Double-click the policy you want to change.
  3. In the Anti-Virus and HIPS Policy dialog, look for the On-access scanning panel. Beside Enable on-access scanning, click Configure.

    The On-access scan settings dialog is displayed.

The options on each tab are shown below.

| Scanning | Supported? | Notes |
| --- | --- | --- |
| Check files on Read/Rename/Write | No | If one or more of the options are enabled, the Security VM scans in all three scenarios. If all three options are disabled, your system is not protected. |
| Scan for Adware and PUAs/Suspicious files | No | |
| Allow access to drives with infected boot sectors | No | |
| Scan inside archive files (not recommended) | Yes | |
| Scan system memory | No | |

| Extensions | Supported? |
| --- | --- |
| Scan all files (not recommended) | Yes |
| Scan only executable and other vulnerable files | Yes |
| Additional file type extensions to be scanned | Yes |
| Scan files with no extension | Yes |
| Exclude file types from scanning | Yes |

| Exclusions | Supported? | Notes |
| --- | --- | --- |
| Windows Exclusions tab | Yes | To exclude a folder, you must specify the full path, including the drive letter or network share name, for example, "C:\Tools\logs\" or "\\Server\Tools\logs\". For more information, see the section about configuring the anti-virus and HIPS policy in the Sophos Enterprise Console help. |
| Mac Exclusions tab | No | |
| Linux/UNIX Exclusions tab | No | |

| Cleanup | Supported? | Notes |
| --- | --- | --- |
| Cleanup of viruses/spyware | Yes | The alternative actions to be applied if cleanup fails have no effect. The Security VM always denies access to infected items. |
| Cleanup of suspicious files | No | |

For more information about the settings and which settings to choose, see the Sophos Enterprise Console help.

Scheduled scanning

To set up or edit a scheduled scan:

  • In the Anti-Virus and HIPS Policy dialog, look for the Scheduled scanning panel.
  • Click Add or Edit.

You can also specify additional file types to be scanned or exclude items from scanning by clicking Extensions and Exclusions.

Scheduled scan settings are supported as detailed below.

Add/Edit > Scheduled scan settings

| Scheduled scan settings | Supported? | Notes |
| --- | --- | --- |
| Local hard disks | Yes | |
| Floppy disk and removable drives | Yes | |
| CD drives | Yes | |
| When scan occurs | Yes | The Security VM starts the scan at the scheduled time, but by default scans only two guest VMs at a time, to limit the impact on system performance. |

Add/Edit > Scheduled scan settings > Configure > Scanning and cleanup settings

| Scanning and cleanup | Supported? | Notes |
| --- | --- | --- |
| Scanning tab | | |
| Scan files for Adware and PUAs/Suspicious files/Rootkits | No | |
| Scan inside archive files | Yes | |
| Scan system memory | No | System memory is scanned by default. You can't configure this option. |
| Run scan at lower priority | No | |
| Cleanup tab | | |
| Cleanup of viruses/spyware | Yes | The Security VM doesn't automatically clean up floppy disk drives, CD drives or network locations. Actions for infected items if cleanup has not taken place have no effect. The Security VM will always log the event when cleanup has not taken place. |
| Cleanup of adware and PUA | No | |
| Cleanup of suspicious files | No | |

Extensions and Exclusions > Scheduled scan extensions and exclusions.

| Extensions and Exclusions | Supported? | Notes |
| --- | --- | --- |
| Extensions tab | | |
| Scan all files (not recommended) | Yes | |
| Scan only executable and other vulnerable files | Yes | |
| Additional file type extensions to be scanned | Yes | |
| Scan files with no extension | Yes | |
| Exclude file types from scanning | Yes | |
| Exclusions tabs | | |
| Windows Exclusions tab | Yes | To exclude a folder from scanning, you must specify the full path, including the drive letter or network share name, for example, C:\Tools\logs\ or \\Server\Tools\logs\. For more information, see the Sophos Enterprise Console help. |
| Mac Exclusions tab | No | |
| Linux/UNIX Exclusions tab | No | |

Sophos Live Protection

Live Protection checks suspicious files against the latest malware information in the SophosLabs database.

| Option | Supported? |
| --- | --- |
| Enable Live Protection | Yes |
| Enable Live Protection for on-demand scanning | Yes |
| Automatically send file samples to Sophos | No |

Web protection

Not supported.

Authorization

Authorization, as well as detection, of adware and other potentially unwanted applications (PUAs) is not supported.

Messaging

Only email messaging is supported.