Configure scanning settings for a scheduled scan

If you use role-based administration:

  • You must have the Policy setting - anti-virus and HIPS right to perform this task.
  • You cannot edit a policy if it is applied outside your active sub-estate.

To configure the scanning settings for a scheduled scan:

  1. Check which anti-virus and HIPS policy is used by the groups of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS Policy dialog box is displayed.
  4. In the Set up and manage scheduled scans list, select the scan, and then click Edit.
  5. In the Scheduled scan settings dialog box, click Configure.
  6. Under Scan files for, configure the settings as described below.

    Option

    Description

    Adware and PUAs

    • Adware displays advertising (for example, pop-up messages) that may affect user productivity and system efficiency.
    • PUAs (Potentially Unwanted Applications) are not malicious, but are generally considered unsuitable for business networks.

    Suspicious files

    Suspicious files display certain characteristics (for example, dynamic decompression code) that are commonly, but not exclusively, found in malware. However, these characteristics are not sufficiently strong for the file to be identified as a new piece of malware.

    Warning This setting applies only to Sophos Endpoint Security and Control for Windows.

    Rootkits

    A rootkit is a Trojan or technology that is used to hide the presence of a malicious object (process, file, registry key, or network port) from the computer user or administrator.

  7. Under Other scanning options, set the options as described below.

    Option

    Description

    Scan inside archive files

    Scan the contents of archives and other compressed files.

    We don't recommend that you scan inside archive files during a scheduled scan, as it will add a significant amount of time to the scan. We recommend instead that you use on-access scanning (on-read and on-write) to protect your network. Any malware components of an unpacked archive will be blocked by the on-read and on-write scanners when they are accessed.

    If you would like to scan all archives on a few computers using a scheduled scan, we recommend that you do the following:

    • Create an extra scheduled scan.
    • In the Configure > On-demand scan settings dialog box, on the Extensions tab, add only the archive extensions to the list of extensions to be scanned.
    • Make sure that Scan all files is disabled.

    This will allow you to scan the archive files whilst making the scan as short as possible.

    Scan system memory

    Detect malware hiding in the computer's system memory (the memory that is used by the operating system).

    Run scan at lower priority

    On Windows Vista and above, run the scheduled scan with lower priority so that it has minimal impact on user applications.

For detailed advice about adjusting the default scanning settings for a scheduled scan, see knowledge base article 63985.