Enterprise Console: enabling blocking of programs showing suspicious behavior

  • Article ID: 25431
  • Updated: 27 Jan 2012

When first installed, Enterprise Console will display alerts for files showing suspicious behavior, but Sophos Anti-Virus for Windows 2000+ will not block them (detect only mode).

Another knowledgebase article describes these console alerts in detail, and gives advice on how to rollout to your network.

You should enable blocking of such files once you are confident that this will not disrupt your network.

What to do

  1. If necessary, open Enterprise Console.
  2. In the Enterprise Console Policies pane, double-click 'Anti-virus and HIPS'.
  3. Double-click your policy.
  4. Click 'HIPS runtime behavior'.
  5. Ensure that the following check boxes are selected:
    • Detect suspicious behavior
    • Detect buffer overflow
  6. Deselect the following check box:
    • Alert only
  7. Click 'OK' twice to save your changes.

The change will be deployed to your workstations the next time they update.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent