Detect malicious traffic
If you use role-based administration:
- You must have the Policy setting - anti-virus and HIPS right to perform this task.
- You cannot edit a policy if it is applied outside your active sub-estate.
For more information, see Managing roles and sub-estates.
- Malicious traffic detection requires Sophos Live Protection to be enabled. (By default, Sophos Live Protection is enabled.)
Malicious traffic detection detects communications between endpoint computers and command and control servers involved in botnet or other malware attacks.
Note: Malicious traffic detection uses the same set of exclusions as the Sophos Anti-Virus on-access scanner (InterCheck™). For information about configuring on-access scanning exclusions, see Exclude items from on-access scanning.
By default, malicious traffic detection is enabled for new installations of Sophos Enterprise Console 5.3 or later. If you upgraded from an earlier version of Sophos Enterprise Console, you need to enable malicious traffic detection to benefit from the feature.
To change the settings for detecting malicious traffic: