Policies

On the Endpoint Protection > Antivirus > Policies tab you can manage different sets of antivirus settings which you can subsequently apply to the computer groups monitored by endpoint protection.

By default, the antivirus policy Basic protection represents the best balance between protecting your computer against threats and overall system performance. It cannot be modified.

To add a new antivirus policy, proceed as follows:

1. Click the Add Policy button.

   The Add Policy dialog box opens.

2. Make the following settings:

   Name: Enter a descriptive name for this policy.

   On-access scanning: If enabled, whenever you copy, move, or open a file, the file will be scanned and access will only be granted if it does not pose a threat to your computer or has been authorized for use.

   • Scan for PUA: If enabled, the on-access scanning will include a check for potentially unwanted applications (PUAs).

   Automatic cleanup: If enabled, items that contain viruses or spyware will automatically be cleaned up, any items that are purely malware will be deleted, and any items that have been infected will be disinfected. These disinfected files should be considered permanently damaged, as the virus scanner cannot know what the file contained before it was damaged.

   Sophos live protection: If the antivirus scan on an endpoint computer has identified a file as suspicious, but cannot further identify it as either clean or malicious based on the Sophos threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.

   The in-the-cloud checking performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.

   • Send sample file: If a file is considered suspicious, but cannot be positively identified as malicious based on the file data alone, you can allow Sophos to request a sample of the file. If this option is enabled, and Sophos does not already hold a sample of the file, the file will be submitted automatically. Submitting sample files helps Sophos to continuously enhance detection of malware without the risk of false positives.

   Suspicious behavior (HIPSHost-based Intrusion Prevention System): If enabled, all system processes are watched for signs of active malware, such as suspicious writes to the registry, file copy actions, or buffer overflow techniques. Suspicious processes will be blocked.

   Web protection: If enabled, the website URLs are looked up in the Sophos online database of infected websites.

   • Block malicious sites: If enabled, sites with malicious contents will be blocked.
   • Download scanning: If enabled, during a download data will be scanned by antivirus scanning and blocked if the download contains malicious content.

   Scheduled scanning: If enabled, a scan will be executed at a specified time.

   • Rootkit scan: If enabled, with each scheduled scan the computer will be scanned for rootkits.
   • Low priority scan: If enabled, the on-demand scans will be conducted with a lower priority. Note that this only works from Windows Vista Service Pack 2 onwards.
   • Time event: Select a time event when the scans will take place, taking the time zone of the endpoint into account.

   Comment (optional): Add a description or other information.

3. Click Save.

   The new policy appears on the antivirus policies list. Please note that settings changes may need up to 15 minutes until all computers are reconfigured.

To either edit or delete a policy, click the corresponding buttons.

Related Topics

• Endpoint Protection > Computer Management > Manage Groups
• Time Period Definitions