Sophos Anti-Virus for Mac: Anti-Virus and HIPS policy - applicable settings

  • Article ID: 118859
  • Updated: 14 Feb 2013

This article describes the Sophos Enterprise Console 'Anti-Virus and HIPS' policy settings that apply to Mac endpoints. Some settings in the 'Anti-Virus and HIPS' policy apply only to Windows endpoints, not to Mac endpoints.

Known to apply to the following Sophos product(s) and version(s)
SAV for Mac OS X v8

Details

The following chart provides details of which settings are relevant to Mac endpoints.

| Enterprise Console Setting | Notes |
|---|---|
| AUTHORIZATION | Does not apply to Mac |
| MESSAGING | Selected Messaging settings are applicable to Mac |
| Desktop Messaging > Enable Desktop messaging | Applicable. However, in order to make the 'Enable Desktop messaging' option available, you are required to select one of the 'Messages to display' options in the GUI |
| Desktop Messaging > Messages to display | ONLY 'Virus/spyware detection and cleanup' is applicable. This also enables alerts regarding scanning errors |
| Desktop Messaging > User-defined message | This setting defines the message to display on desktop alerts and will be added to the end of the standard message |
| Email Alerting > Enable email alerting | Applicable. However, in order to make the 'Enable email alerting' option available, you are required to select one of the 'Messages to send' options in the GUI |
| Email Alerting > Messages to send | ONLY the following settings are applicable: 'Virus/spyware detection and cleanup'; 'Scanning errors (e.g. access denied)' |
| Email Alerting > Recipients | Defines the e-mail recipients. Alerts can be sent to only one recipient. If there are multiple recipients the alert will be sent to the first recipient in the list |
| Email Alerting > Configure SMTP > SMTP Server | Defines the SMTP server for email alerts |
| Email Alerting > Configure SMTP > SMTP Sender Address | Defines the Envelope To address and 'From' header |
| Email Alerting > Configure SMTP > SMTP reply-to address | Does not apply to Mac |
| Email Alerting > Configure SMTP > Language | Does not apply to Mac |
| SNMP Messaging | Does not apply to Mac |
| Event Log | Does not apply to Mac |
| SOPHOS LIVE PROTECTION | Selected Live Protection settings are applicable to Mac |
| Enable Live Protection | Live Protection can be enabled/disabled |
| Automatically send sample files to Sophos | Does not apply to Mac |
| ON-ACCESS SCANNING | Selected On-Access settings are applicable to Mac |
| Enable On-Access Scanning | On-Access can be enabled/disabled |
| Configure > Scanning > Check files on Read / Rename / Write | These settings are not centrally configurable. Mac endpoints scan during both open and close system calls. |
| Configure > Scanning > Adware and PUAs | Does not apply to Mac |
| Configure > Scanning > Suspicious Files | Does not apply to Mac |
| Configure > Scanning > Allow access to infected boot sectors | Allow access to infected boot sectors. Boot sectors are scanned on mount by on-access scanning |
| Configure > Scanning > Scan inside archive files | Enables/Disables scanning of ALL archive types |
| Configure > Scanning > Scan System Memory | Does not apply to Mac |
| Configure > Extensions | Mac endpoints scan all file extensions during on-access scanning |
| Configure > Windows Exclusions | N/A |
| Configure > Mac Exclusions | Files, folders and volumes can be excluded. Disabling 'Exclude remote files' will remove the option to scan files that reside on network volumes |
| Configure > Linux/Unix Exclusions > Excluded Items | N/A |
| Configure > Cleanup > Automatically cleanup items.. | This option enables the automatic clean up threat action. NOTE: This option will clean up items based on instructions defined in the Virus Data |
| Configure > Cleanup > Deny access only / Deny access and move... | This option will deny access to the threat or deny access to the threat and move it to a defined location |
| Configure > Cleanup > Delete | This option will delete any threat. It can also be used in conjunction with automatic clean up - threats that have not been cleaned will be deleted |
| Configure > Cleanup > Suspicious Files | Does not apply to Mac |
| BEHAVIOUR MONITORING | Does not apply to Mac |
| WEB PROTECTION | Does not apply to Mac |

 

The following settings apply to Scheduled scanning only. 'Extensions and Exclusions' also applies to a Console initiated Full System Scan.

| Enterprise Console Setting | Notes |
|---|---|
| SCHEDULED SCANNING | Selected settings are applicable to Mac |
| Add / Edit > What to Scan > Local Hard Disks | These are local internal disks |
| Add / Edit > What to Scan > Floppy disk and removable | Removable drives are external disks |
| Add / Edit > What to Scan > CD Drives | |
| Add / Edit > When Scan Occurs > Days | Multiple days can be configured |
| Add / Edit > When Scan Occurs > Times | Multiple times can be configured |
| Add / Edit > Configure > Scanning > Adware & PUAs | Does not apply to Mac |
| Add / Edit > Configure > Scanning > Suspicious Files | Does not apply to Mac |
| Add / Edit > Configure > Scanning > Rootkits | Does not apply to Mac |
| Add / Edit > Configure > Scanning > Scan inside archive files | Enables/Disables scanning of ALL archive types |
| Add / Edit > Configure > Scanning > System Memory | Does not apply to Mac |
| Add / Edit > Configure > Scanning > Run Scan at Lower Priority | Does not apply to Mac |
| Add / Edit > Configure > Cleanup > Automatically cleanup items... | This option enables the automatic clean up threat action. NOTE: This option will clean up items based on instructions defined in the Virus Data |
| Add / Edit > Configure > Cleanup > Log Only / Move to.. | Detections are always logged. The Move to option will move the threat to a defined location |
| Add / Edit > Configure > Cleanup > Delete | This option will delete any threat. It can also be used in conjunction with automatic clean up - threats that have not been cleaned will be deleted |
| Add / Edit > Configure > Cleanup > Adware and PUA | Does not apply to Mac |
| Add / Edit > Configure > Cleanup > Suspicious Files | Does not apply to Mac |
| EXTENSIONS AND EXCLUSIONS | Selected settings apply to Mac. These settings apply to scheduled scans configured in SEC, and to the on-demand 'Full System Scan' run via SEC |
| Extensions > Scan all / Scan only | All file extensions are scanned unless specifically excluded |
| Extensions > Scan files with no extension | Files without extension are always scanned |
| Extensions > Exclude.. | Specific file extensions can be excluded |
| Windows Exclusions | N/A |
| Linux/UNIX Exclusions | N/A |
| Mac Exclusions | Files, folders and volumes can be excluded |

 

 
If you need more information or guidance, then please contact technical support.
