The on-access scanner in Sophos Anti-Virus for Windows can detect and block the following.
- threats (worms, viruses, trojans)
- potentially unwanted applications (PUA)
- suspicious files
- suspicious behavior
- buffer overflows
- malicious web content
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control
When it detects any of these items, it will block the item's access to the system. If the detection is a suspicious file/behavior or PUA to can review the item and authorize it or clean it up. For all other item you cannot authorize.
Note: If you believe the detection is incorrect see article 51120 to submit a sample or article 119440 for URL detection.
For more information
To learn more about the different types of detections, please see the following documentation:
- Host Intrusion Prevention System describes our suspicious file, suspicious behavior, and buffer overflow prevention functionality in much more detail.
- Overview of Potentially unwanted applications explains how we detect spyware, adware and other applications that may have a legitimate use on your network.
- Web content filtering describes how the on-access scanner checks websites for malicious scripts and other objects before loading them in your end users' web browsers.
- Contextual detections explains how we analyze the system to ensure that we detect all malicious behavior. This is a regular feature of our on-access anti-virus scanning.
How to deploy and configure customized on-access scan settings
Use the Policy Setup Guide to understand the procedure for setting up the on-access settings in your anti-virus policies.
Use the Guide to On-Access Settings to understand how each setting works and whether you need to apply it to your environment or not.