Default Anti-virus and HIPS policy and settings

  • Article ID: 27267
  • Updated: 06 May 2014

These are the default settings for the Anti-virus and Host-based intrusion prevention system (HIPS) policy in a fresh installation of Enterprise Console or a fresh installation of Sophos endpoint security software. These settings mainly apply to Sophos Anti-Virus for Windows 2000+.

Applies to the following Sophos product(s) and version(s)

Sophos Endpoint Security and Control 9.7
Sophos Anti-Virus for Windows 2000+ 10.3.0
Sophos Anti-Virus for Windows 2000+ 10.2
Sophos Anti-Virus for Windows 2000+ 10.0

For Endpoint 10 default settings, see below. For Endpoint 9.7 default settings, see the section "Default settings for Endpoint 9.x or Console 4.x policy" further down this page.

For Sophos Cloud default anti-virus scanning settings see article 119637.

Default settings for Endpoint 10 or Console 5 policy

Main

Feature Setting
Enable on-access scanning Enabled
Enable behavior monitoring Enabled
Block access to malicious websites Enabled
Download scanning As on-access scanning
Scheduled scan None

On-access scanning

Feature Setting
Scanning
Check files on - Read Enabled
Check files on - Rename Enabled
Check files on - Write Enabled
Scan for - Adware and PUAs Enabled
Scan for - Suspicious files Disabled
Allow access to drives with infected boot sectors Disabled
Scan inside archive files (not recommended) Disabled
Scan system memory Enabled
Extensions
Scan all files (not recommended) Disabled
Scan only executable and other vulnerable files Enabled
Scan files with no extension Enabled
Windows Exclusions
Excluded items None
Exclude remote files Disabled
Mac Exclusions
Excluded items None
Exclude remote files Disabled
Linux/UNIX Exclusions
Excluded items None
Exclude remote files Disabled
Cleanup
Automatically clean up items that contain a virus/spyware Enabled
Option if cleanup is not possible Deny access only
Suspicious files Deny access only

Sophos Live Protection

Feature Setting
Enable Live Protection Enabled
Automatically send sample files to Sophos Disabled

Behavior Monitoring

Feature Setting
Detect malicious behavior Enabled
Detect suspicious behavior Enabled
Alert only, do not block suspicious behavior Enabled
Detect buffer overflows Enabled
Alert only, do not block Disabled

Authorization (Manager)

Nothing is set by default in this section.

Messaging

Feature Setting
Desktop messaging
Enable desktop messaging Enabled
Virus/spyware detection and cleanup Enabled
Suspicious behavior detection Enabled
Suspicious file detection Enabled
Adware and PUA detection Enabled
Email alerting
Enable email alerting Disabled
All other options Grayed out
SNMP alerting
Enable SNMP messaging Disabled
All other options Grayed out
Event log
Enable event logging Enabled
Virus/spyware detection and cleanup Enabled
Suspicious behavior detection Enabled
Suspicious file detection Enabled
Adware and PUA detection and cleanup Enabled
Scanning errors (e.g. access denied) Disabled
Other errors Disabled

Add scheduled scan

No scheduled scan is enabled by default, so these settings are not used until you set your first scheduled scan.

Feature Setting
Local hard disks Enabled
Floppy disk and removable drives Disabled
CD drives Disabled
Days when scan will run - Monday, Tuesday, Wednesday, Thursday, Friday Enabled
Days when scan will run - Saturday, Sunday Disabled
Time when scan will run 21.00
Scanning
Scan for - Adware and PUAs Enabled
Scan for - Suspicious files Enabled
Scan for - Rootkits Enabled
Scan inside archive files (not recommended) Disabled
Scan system memory Enabled
Run scan at lower priority Disabled
Cleanup
Automatically clean up items that contain a virus/spyware Enabled
Option if cleanup is not possible Log only
Suspicious files Log only

Extensions and exclusions

Feature Setting
Extensions
Scan all files (not recommended) Disabled
Scan only executable and other vulnerable files Enabled
Scan files with no extension Enabled
Exclusions
No exclusion options are set by default for Windows, Mac, Linux or UNIX.


Default settings for Endpoint 9.x or Console 4.x policy

General

Feature Setting
On access scanning - for viruses, etc. Enabled
Scheduled scan None

On-access scanning

Feature Setting
Scanning
Scanning level 'Normal'
Scan inside archive files Disabled
Scan for Macintosh viruses Disabled
Scan for adware/PUA Disabled
Scan for suspicious files (HIPS) Disabled
On access scanning - On read Enabled
On access scanning - On write Disabled
On access scanning - On rename Disabled
Allow access to drives with infected boot sectors (Removable media) Disabled
Extensions
Scan all files Disabled
Scan executable and infectable files Enabled
Scan files with no extension Enabled
Windows exclusions
Exclude remote files Disabled
Mac exclusions
Exclude remote files Disabled
Linux exclusions
Exclude remote files Disabled
Cleanup
Automatically clean up items that contain a virus/spyware Disabled
Option if cleanup is not possible 'Do nothing'
Suspicious files - default action 'Do nothing'

HIPS runtime behavior analysis settings

Feature Setting
Detect suspicious behavior Enabled
Detect buffer overflow Enabled
Alert only Enabled

Messaging

Feature Setting
Desktop messaging
Enable desktop messaging Enabled
Virus/spyware detection and cleanup Enabled
Suspicious behavior detection Enabled
Suspicious file detection Enabled
Adware/PUA detection Enabled
Email alerting
Enable email alerting Disabled
All other options Grayed out
SNMP alerting
Enable SNMP messaging Disabled
All other options Grayed out
Event log
Enable event logging Enabled
Virus/spyware and cleanup Enabled
Suspicious behavior detection Enabled
Suspicious file detection Enabled
Adware/PUA detection and cleanup Enabled
Scanning errors (e.g. access denied) Disabled
Other errors Disabled

Authorization manager

Nothing is set by default in this section.

Add scheduled scan

No scheduled scan is enabled by default, so these settings are not used until you set your first scheduled scan.

Feature Setting
Local hard disks Enabled
Floppy disk and removable drives Disabled
CD drives Disabled
Days when scan will run - Monday, Tuesday, Wednesday, Thursday, Friday Enabled
Days when scan will run - Saturday, Sunday Disabled
Time when scan will run 21.00
Scanning
Scanning level 'Normal'
Scan inside archive files Disabled
Scan for Macintosh viruses Disabled
Scan for adware/PUAs Enabled
Scan for suspicious files (HIPS) Disabled
Cleanup
Automatically clean up items that contain a virus/spyware Disabled
Option if cleanup is not possible, or not wanted 'Do nothing'
Automatically clean up adware/PUA Disabled
Suspicious files 'Do nothing'

Extensions and exclusions

Feature Setting
Extensions
Scan all files Disabled
Scan executables and infectable files Enabled
Scan files with no extension Enabled
Exclusions
No exclusion options are set by default

 
If you need more information or guidance, please contact technical support.
