Configure on-access scanning

If you use role-based administration:

For more information, see Managing roles and sub-estates.

On-access scanning may not detect viruses if certain encryption software is installed. Change the startup processes to ensure that files are decrypted when on-access scanning begins. For more information on how to use anti-virus and HIPS policy with encryption software, see Sophos support knowledgebase article 12790.

To configure on-access scanning:

  1. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS Policy dialog box is displayed.
  4. In the On-access scanning panel, beside Enable on-access scanning, click Configure.
  5. To change when on-access scanning occurs, under Check files on, set the options as described below.
    Option Description
    • Scan files when they are copied, moved, or opened.
    • Scan programs when they are started.
    Rename Scan files when they are renamed.
    Write Scan files when they are saved or created.
  6. Under Scan for, set the options as described below.
    Option Description
    Adware and PUAs
    • Adware displays advertising (for example, pop-up messages) that may affect user productivity and system efficiency.
    • PUAs (Potentially Unwanted Applications) are not malicious, but are generally considered unsuitable for business networks.
    Suspicious files Suspicious files display certain characteristics (for example, dynamic decompression code) that are commonly, but not exclusively, found in malware. However, these characteristics are not sufficiently strong for the file to be identified as a new piece of malware.
    Note: This option applies only to Sophos Endpoint Security and Control for Windows.
  7. Under Other scanning options, set the options as described below.
    Option Description
    Allow access to drives with infected boot sectors Allow access to an infected bootable removable medium or device such as a bootable CD, floppy disk, or USB flash drive.

    Use this option only if advised to by Sophos technical support.

    Scan inside archive files Scan the contents of archives or compressed files before they are downloaded or emailed from managed computers.

    We recommend that you leave this option turned off, as it makes scanning significantly slower.

    Users will still be protected against any threats in archives or compressed files, as any components of an archive or compressed file that may be malware will be blocked by on-access scanning:

    • When users open a file extracted from the archive file, the extracted file is scanned.
    • Files compressed with dynamic compression utilities such as PKLite, LZEXE, and Diet are scanned.
    Scan system memory Run an hourly background scan that detects malware hiding in the computer's system memory (the memory that is used by the operating system).