scanengine

You can turn machine learning (ML) on in the Sophos scan engine to detect viruses and other malware, including threats that aren't yet in the virus signature database. ML identifies zero‑day and fast‑spreading threats by detecting suspicious patterns that traditional signatures may miss. ML‑detected files also generate telemetry for Sophos Labs, which helps improve future signatures.

While ML can detect new viruses, it also carries a higher risk of false positives: it may occasionally block legitimate files or traffic.

You can turn ML scanning on globally for the scan engine. Once you've turned it on globally, you can turn it on or off individually for the Web, Email, WAF, and FTP features. This lets you control whether ML detections trigger a block action for each feature.

Command

set scanengine

show scanengine

Syntax

set scanengine
thread_count [<1-128>|default]
ml_scan [on|off]
ml_web_detection [on|off]
ml_email_detection [on|off]
ml_legacy_detection [on|off]

Options

thread_count [<1-128>|default]

Set the number of scanner threads per scan engine. Set it to default to dynamically set the number of threads based on the number of CPUs.

Range: 1 to 128

max_buffer_size

This option is deprecated.

ml_scan [on|off]

Turn ML scanning on or off globally for the scan engine. If you turn it off, you can't turn it on individually for other features such as Web, Email, WAF, or FTP.

Default: on

ml_web_detection [on|off]

Turn ML scanning on or off for the Web proxy and the DPI engine.

Default: off

ml_email_detection [on|off]

Turn ML scanning on or off for Email.

Default: on

ml_legacy_detection [on|off]

Turn ML scanning on or off for WAF and FTP proxy.

Default: off
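
The gating described above (global ml_scan first, then the per-feature options), as an added Python example that is not part of the Sophos documentation: it computes which features have ML scanning in effect, using the defaults listed on this page, and builds the set scanengine commands for a change. The one-line form "set scanengine <option> <value>" is assumed from the Syntax block, and the function names are hypothetical.

```python
# Added example: models the ML options documented on this page.
# Defaults are the ones the page lists; the one-line command form
# "set scanengine <option> <value>" is an assumption from the Syntax block.
DEFAULTS = {
    "ml_scan": "on",
    "ml_web_detection": "off",
    "ml_email_detection": "on",
    "ml_legacy_detection": "off",
}
# Which features each per-feature option governs, per the Options section.
FEATURES = {
    "ml_web_detection": ("Web proxy", "DPI engine"),
    "ml_email_detection": ("Email",),
    "ml_legacy_detection": ("WAF", "FTP proxy"),
}


def effective_ml(settings):
    """Return {feature: bool}: True where ML scanning is on for that feature."""
    cfg = {**DEFAULTS, **settings}
    for opt, val in cfg.items():
        if opt not in DEFAULTS or val not in ("on", "off"):
            raise ValueError(f"invalid ML option: {opt}={val!r}")
    gate = cfg["ml_scan"] == "on"
    return {feat: gate and cfg[opt] == "on"
            for opt, feats in FEATURES.items() for feat in feats}


def plan_commands(current, desired):
    """List the commands that move `current` to `desired`, global gate first."""
    cur = {**DEFAULTS, **current}
    want = {**cur, **desired}
    effective_ml(want)  # validates option names and values
    if want["ml_scan"] == "off":
        turned_on = [o for o in FEATURES if want[o] == "on" and cur[o] != "on"]
        if turned_on:
            raise ValueError(f"ml_scan is off; cannot turn on {turned_on}")
    order = ["ml_scan", *FEATURES]  # enable the gate before the features
    return [f"set scanengine {o} {want[o]}" for o in order if want[o] != cur[o]]


def thread_count_arg(value):
    """Validate thread_count: the literal 'default' or an integer 1 to 128."""
    if value == "default":
        return "set scanengine thread_count default"
    if isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 128:
        return f"set scanengine thread_count {value}"
    raise ValueError("thread_count must be 1-128 or 'default'")
```

With the documented defaults, effective_ml({}) reports ML scanning in effect for Email only, which is worth checking against the coverage you expect on Web, WAF, and FTP traffic.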