Sophos Anti-Virus for Windows 2000+: features in versions 7 and 7.3

This article describes the new features in Sophos Anti-Virus for Windows 2000+, versions 7 and 7.3.

Features in version 7

Host Intrusion Prevention System (HIPS)/Runtime behavior analysis

Sophos Anti-Virus now analyzes the behavior of the programs running on the system. The runtime behavior analysis includes:

  • Suspicious behavior detection, which dynamically analyzes the behavior of all programs running on the system, in order to detect and block activity which appears to be malicious. Suspicious behavior may include changes to the registry that could allow a virus to run automatically when the computer is restarted.
  • Buffer overflow detection, which dynamically analyzes the behavior of all programs running on the system, in order to detect buffer overflow attacks.

Suspicious file detection

Sophos Anti-Virus can scan for suspicious files, that is, files that contain certain characteristics that are common to malware but not sufficient for the files to be identified as a new piece of malware. For example, a file containing dynamic decompression code commonly used by malware can be regarded as suspicious.

Application control

From Enterprise Console, you can configure Sophos Anti-Virus to detect and block 'controlled applications', i.e. legitimate applications that are not a security threat, but that you decide are unsuitable for use in your office environment. Such applications may include games, instant messaging (IM) clients, Voice over Internet Protocol (VoIP) clients, digital imaging software, media players, or browser plug-ins.

Features in version 7.3

Third-party security software removal

Third-party security software removal allows you to remove the third-party anti-virus software installed on your standalone computers before installing Sophos software. This includes anti-virus, firewall, product suites and product update software. For a current list of the software that can be removed before installation, please see: http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/management/removal-tool.html.

The third-party software is removed using the Endpoint Security and Control standalone installer on standalone computers or by using the 'Protect computers' wizard in Enterprise Console.

Integration with Network Access Control

Endpoint Security and Control, version 8.0, now includes Network Access Control (NAC) functionality. Sophos Anti-Virus is fully integrated with this new product.

Related topics

Other articles describe the new features in:

  • Enterprise Console, versions 3 and 3.1
  • Sophos Anti-Virus for Linux, version 6

If you need more information or guidance, then please contact technical support.
