Sophos Live Protection

Sophos Live Protection uses in-the-cloud technology to instantly decide whether a suspicious file is a threat and take action specified in the anti-virus and HIPS policy.

Live Protection improves detection of new malware without the risk of unwanted detections. This is achieved by doing an instant lookup against the very latest known malicious files. When new malware is identified, Sophos can send out updates within seconds.

To take full advantage of Live Protection, you must ensure that the following options are enabled.

Important: You must ensure that Sophos domain to which the file data is sent is trusted in your web filtering solution. For details, see support knowledgebase article 62637 (

If you use a Sophos web filtering solution, for example the WS1000 Web Appliance, you do not need to do anything - Sophos domains are already trusted.