About Sophos Live Protection
Sophos Live Protection decides whether a suspicious file is a threat and, if it is a threat, takes
immediate action as specified in the Sophos Anti-Virus cleanup configuration.
What does it do?
Sophos Live Protection improves detection of new malware without the risk of unwanted detections.
This is achieved by doing an instant lookup against the very latest known malware. When new
malware is identified, Sophos can send out updates within seconds.
Sophos Live Protection provides the following options:
- Enable Live Protection
If the anti-virus scan on an endpoint computer has identified a file as suspicious, but cannot
further identify it as either clean or malicious based on the threat identity (IDE) files stored
on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos
to assist with further analysis.
This is known as 'in-the-cloud' checking: it performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.
- Automatically send sample files to Sophos
If a file is considered suspicious, but cannot be positively identified as malicious based on the
file data alone, you can allow Sophos to request a sample of the file. If this option is enabled,
and Sophos does not already hold a sample of the file, the file will be submitted automatically.
Submitting sample files helps Sophos to continuously enhance detection of malware without
the risk of false positives.
View our video for more detailed information about Live Protection.
Refer also to the knowledgebase articles:
- How to Turn Sophos Live Protection options on or off
- Overview of the Sophos Live Protection architecture in SESC 9.5+