Enable Malicious Traffic Detection

Sophos Enterprise Console 5.3.0 introduced support for Malicious Traffic Detection, which detects communications between endpoint computers and command and control servers involved in botnet or other malware attacks. If you upgraded from a version earlier than 5.3.0, or haven’t enabled this feature before, you need to enable it after the upgrade to benefit from it.

Note: Malicious traffic detection is currently supported only on Windows 7 and later non-server operating systems and is first available in Sophos Endpoint Security and Control 10.6.0.
  1. Check which anti-virus and HIPS policy is used by the group or groups of computers for which you want to enable the new feature.

    In the Groups pane, right-click the group. Select View/Edit Group Policy Details. In the group details dialog box, you can see the policies currently used.

  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS policy dialog box is displayed.
  4. In the On-access scanning panel, make sure the Enable behavior monitoring check box is selected.
  5. Beside Enable behavior monitoring, click Configure.
  6. In the Configure Behavior Monitoring dialog box, make sure the Detect malicious behavior check box is selected.
  7. To enable malicious traffic detection, select the Detect malicious traffic check box.
    Note: Malicious traffic detection uses the same set of exclusions as the Sophos Anti-Virus on-access scanner (InterCheck™).