When first installed, Enterprise Console will display alerts for files showing suspicious behavior, but Sophos Anti-Virus for Windows 2000+ will not block them (detect only mode).
Another knowledgebase article describes these console alerts in detail and gives advice on how to roll out to your network.
You should enable blocking of such files once you are confident that this will not disrupt your network.
What to do
- If necessary, open Enterprise Console.
- In the Enterprise Console Policies pane, double-click 'Anti-virus and HIPS'.
- Double-click your policy.
- Click 'HIPS runtime behavior'.
- Ensure that the following check boxes are selected:
  - Detect suspicious behavior
  - Detect buffer overflow
- Deselect the following check box:
- Click 'OK' twice to save your changes.
The change will be deployed to your workstations the next time they update.