Default anti-virus scanning options for Sophos Cloud

  • Article ID: 119637
  • Rating:
  • 1 customers rated this article 5.0 out of 6
  • Updated: 22 Oct 2014

This article details the default anti-virus policy options for both User based and Server based policies:

Applies to the following Sophos product(s) and version(s)

Sophos Cloud

For real-time scanning, the following options are enabled:

  • Scan on read
  • Scan on rename
  • Scan on write
  • Scan system memory
  • Scan remote files
  • Auto clean-up (if clean-up fails, then deny access)
  • Scan for malicious behaviour
  • Malicious URL protection
  • Download scanning
  • Potentially Unwanted Application (PUA) scanning
    • PUAs are blocked by default.  Once detected you will need to either authorize the application in policy or clean up the application from the Dashboard.
  • Scans executable files (does not unnecessarily scan files which cannot infect a computer)
  • Sophos Live Protection

The following are disabled:

  • Allow access to boot sector
  • Scan inside archives (Items extracted from the archive will be scanned in real-time regardless of this setting.  In addition to this the scheduled scan can be configured to scan within archives to search for dormant infected files. This can add significant processing overhead so it is not included in real-time scanning.)
  • Scan for/detect suspicious files (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Detect suspicious behaviour (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Buffer overflow detection(malicious behaviour detection provides protection against new (“day zero”) malware)

For scheduled scanning:

This has the same settings as the real-time scanning. It has the following scheduled scan specific settings enabled:

  • Scan for rootkits
  • Low priority scan
  • Scanning inside archives can be enabled

Note: For User based policies scheduled scanning is disabled by default. For Server based policies a default weekly scan is configured to run at 00:00.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments