Sophos Anti-Virus for Windows 2000+: authorizing suspicious items

  • Article ID: 25227
  • Updated: 25 Jun 2013


When Sophos Anti-Virus for Windows 2000+, version 9 and above, displays an alert about a suspicious file or suspicious behavior, you can authorize the item either for the individual computer or for a group of computers on your network.

Known to apply to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Windows 2000+
Enterprise Console

What to do

When you receive an alert about a specific file or program, you must decide whether to authorize it. The desktop alert on the local computer and the 'Alert and error details' tab in Enterprise Console both provide a link to more information about the potential threat.

To allow a group of users on your network to open the file or program, use Enterprise Console to authorize it. To allow access on one computer only, authorize the file or program on the local computer.

1. Authorizing suspicious items in Enterprise Console

  1. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to allow to access the item:
    • Find the group in the Groups pane.
    • Right-click it and select 'View group policy details'.
  2. In the Policies pane, double-click 'Anti-virus and HIPS'.
  3. Double-click the policy you want to change.
  4. In the 'Anti-virus and HIPS policy' dialog box, click 'Authorization'.
  5. In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
  6. Find the file or program that has been detected and move it from the 'Known' list to the 'Authorized' list.
  7. Click 'OK'.

2. Authorizing suspicious items on the local computer

  1. If displayed, right-click the Sophos shield in the system tray and select 'Open Sophos Endpoint Security and Control' (or launch it from Start|Programs|Sophos|Sophos Endpoint Security and Control).
  2. Select 'Configure anti-virus and HIPS'.
  3. Select 'Authorization'.
  4. In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
  5. From the 'Known adware or PUA's' list, locate the program that has been detected and move it to the 'Authorized adware or PUA's' list.
  6. Click 'OK'.

 
If you need more information or guidance, then please contact technical support.
