Recommended settings

The anti-virus and HIPS policy specifies how the security software scans computers for viruses, Trojans, worms, spyware, adware, potentially unwanted applications (PUAs), suspicious behavior, and suspicious files, and how it cleans them up. When setting up your anti-virus and HIPS policy, consider the following:

  • The default anti-virus and HIPS policy will protect computers against viruses and other malware. However, you may want to create new policies, or change the default policy, to enable detection of other unwanted applications or behavior.
  • To take full advantage of Sophos Live Protection, which is enabled by default, we recommend also selecting the Automatically send sample files to Sophos option.
  • Enable Malicious Traffic Detection, which detects communications between endpoint computers and command and control servers involved in botnet or other malware attacks. The Detect malicious traffic option is enabled by default for new installations of Sophos Enterprise Console 5.3 or later. If you have upgraded from an earlier version of Sophos Enterprise Console, you need to enable this option to benefit from the feature.
    Note: Malicious traffic detection is currently supported only on Windows 7 and later non-server operating systems. It requires Sophos Live Protection.
  • Use the Alert only option to detect suspicious behavior without blocking it. Initially defining a report-only policy gives you a better view of suspicious behavior across your network. This option is enabled by default and should be deselected once policy rollout is complete, so that programs and files are blocked.

For more information, see knowledge base article 114345.