On the Endpoint Protection > Antivirus > Policies tab you can manage different sets of antivirus settings which you can subsequently apply to the computer groups monitored by endpoint protection.

By default, the antivirus policy Basic protection represents the best balance between protecting your computer against threats and overall system performance. It cannot be modified.

To add a new antivirus policy, proceed as follows:

  1. Click the Add Policy button.

    The Add Policy dialog box opens.

  2. Make the following settings:

    Name: Enter a descriptive name for this policy.

    On-access scanning: If enabled, whenever you copy, move, or open a file, the file will be scanned and access will only be granted if it does not pose a threat to your computer or has been authorized for use.

    Automatic cleanup: If enabled, items that contain viruses or spyware will automatically be cleaned up, any items that are purely malware will be deleted, and any items that have been infected will be disinfected. These disinfected files should be considered permanently damaged, as the virus scanner cannot know what the file contained before it was damaged.

    Sophos live protection: If the antivirus scan on an endpoint computer has identified a file as suspicious, but cannot further identify it as either clean or malicious based on the Sophos threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.

    The in-the-cloud checking performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.

    Suspicious behavior (HIPSClosed): If enabled, all system processes are watched for signs of active malware, such as suspicious writes to the registry, file copy actions, or buffer overflow techniques. Suspicious processes will be blocked.

    Web protection: If enabled, the website URLs are looked up in the Sophos online database of infected websites.

    Scheduled scanning: If enabled, a scan will be executed at a specified time.

    Comment (optional): Add a description or other information.

  3. Click Save.

    The new policy appears on the antivirus policies list. Please note that settings changes may need up to 15 minutes until all computers are reconfigured.

To either edit or delete a policy, click the corresponding buttons.

Related Topics Link IconRelated Topics
© 2019 Sophos Limited Sophos UTM 9.600