This article describes the Sophos LiveProtection functionality.
Known to apply to the following Sophos product(s) and version(s)
Sophos Anti-Virus for Linux v9.0
LiveProtection is a new feature for the Linux endpoint in Sophos Anti-Virus for Linux v9.
Live Protection improves detection of new malware without the risk of unwanted detections. This is achieved by doing an instant lookup against the very latest known malware. When new malware is identified, Sophos can send out updates within seconds.
If the anti-virus scan on an endpoint computer has identified a file as suspicious, but cannot further identify it as either clean or malicious, based on the threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.
The in-the-cloud checking performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.
Enabling LiveProtection for a standalone endpoint
To turn on Live Protection, type:
set LiveProtection true
Enabling LiveProtection from Enterprise Console (for managed endpoints)
In the Enterprise Console, for the relevant 'Anti-Virus and Hips' policy, select the 'Enable Sophos LiveProtection' checkbox.
Note: The 'Automatically send samples to Sophos' option is not currently applicable to Linux endpoints.