Enterprise Console: Anti-virus and HIPS policy defaults
These are the default settings for the Anti-virus and HIPS policy in a fresh installation of Enterprise Console. These settings mainly apply to Sophos Anti-Virus for Windows 2000+.
General
| Feature | Setting |
|---|---|
| On access scanning - for viruses, etc. | Enabled |
| Scheduled scan | None |
On-access scanning
| Feature | Setting |
|---|---|
| Scanning | |
| Scanning level | 'Normal' |
| Scan inside archive files | Disabled |
| Scan for Macintosh viruses | Disabled |
| Scan for adware/PUA | Disabled |
| Scan for suspicious files (HIPS) | Disabled |
| On access scanning - On read | Enabled |
| On access scanning - On write | Disabled |
| On access scanning - On rename | Disabled |
| Allow access to drives with infected boot sectors (Removable media) | Disabled |
| Extensions | |
| Scan all files | Disabled |
| Scan executable and infectable files | Enabled |
| Scan files with no extension | Enabled |
| Windows exclusions | |
| Exclude remote files | Disabled |
| Mac exclusions | |
| Exclude remote files | Disabled |
| Linux exclusions | |
| Exclude remote files | Disabled |
| Cleanup | |
| Automatically clean up items that contain a virus/spyware | Disabled |
| Option if cleanup is not possible | 'Do nothing' |
| Suspicious files - default action | 'Do nothing' |
HIPS runtime behavior analysis settings
| Feature | Setting |
|---|---|
| Detect suspicious behavior | Enabled |
| Detect buffer overflow | Enabled |
| Alert only | Enabled |
Messaging
| Feature | Setting |
|---|---|
| Desktop messaging | |
| Enable desktop messaging | Enabled |
| Virus/spyware detection and cleanup | Enabled |
| Suspicious behavior detection | Enabled |
| Suspicious file detection | Enabled |
| Adware/PUA detection | Enabled |
| Email alerting | |
| Enable email alerting | Disabled |
| All other options | Grayed out |
| SNMP alerting | |
| Enable SNMP messaging | Disabled |
| All other options | Grayed out |
| Event log | |
| Enable event logging | Enabled |
| Virus/spyware and cleanup | Enabled |
| Suspicious behavior detection | Enabled |
| Suspicious file detection | Enabled |
| Adware/PUA detection and cleanup | Enabled |
| Scanning errors (e.g. access denied) | Disabled |
| Other errors | Disabled |
Authorization manager
Nothing is set by default in this section.
Add scheduled scan
No scheduled scan is enabled by default, so these settings are not used until you set your first scheduled scan.
| Feature | Setting |
|---|---|
| Local hard disks | Enabled |
| Floppy disk and removable drives | Disabled |
| CD drives | Disabled |
| Days when scan will run - Monday, Tuesday, Wednesday, Thursday, Friday | Enabled |
| Days when scan will run - Saturday, Sunday | Disabled |
| Time when scan will run | 21.00 |
| Scanning | |
| Scanning level | 'Normal' |
| Scan inside archive files | Disabled |
| Scan for Macintosh viruses | Disabled |
| Scan for adware/PUAs | Enabled |
| Scan for suspicious files (HIPS) | Disabled |
| Cleanup | |
| Automatically clean up items that contain a virus/spyware | Disabled |
| Option if cleanup is not possible, or not wanted | 'Do nothing' |
| Automatically clean up adware/PUA | Disabled |
| Suspicious files | 'Do nothing' |
Extensions and exclusions
| Feature | Setting |
|---|---|
| Extensions | |
| Scan all files | Disabled |
| Scan executables and infectable files | Enabled |
| Scan files with no extension | Enabled |
| Exclusions | |
| No exclusion options are set by default | |
If you need more information or guidance, then please contact technical support.
- Article ID: 27267
- Created: 9 Jul 2007
- Last updated: 6 Oct 2008