Default Anti-virus and HIPS policy and settings

  • Article ID: 27267
  • Updated: 30 Dec 2015

These are the default settings for the Anti-virus and Host-based intrusion prevention system (HIPS) policy in a fresh installation of Enterprise Console or a fresh installation of Sophos endpoint security software. These settings mainly apply to Sophos Anti-Virus for Windows 2000+.

Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 9.7
Sophos Anti-Virus for Windows 2000+ 10.3.0
Sophos Anti-Virus for Windows 2000+ 10.2
Sophos Anti-Virus for Windows 2000+ 10.0

For Endpoint 10 default settings, see the first section below. For Endpoint 9.7 default settings, see the section "Default settings for Endpoint 9.x or Console 4.x policy".

For Sophos Cloud default anti-virus scanning settings see article 119637.

Default settings for Endpoint 10 or Console 5 policy

Main

Feature  Setting
Enable on-access scanning  Enabled
Enable behavior monitoring  Enabled
Block access to malicious websites  Enabled
Download scanning  As on-access scanning
Scheduled scan  None

On-access scanning

Feature  Setting
Scanning
Check files on - Read  Enabled
Check files on - Rename  Enabled
Check files on - Write  Enabled
Scan for - Adware and PUAs  Enabled
Scan for - Suspicious files  Disabled
Allow access to drives with infected boot sectors  Disabled
Scan inside archive files (not recommended)  Disabled
Scan system memory  Enabled
Extensions
Scan all files (not recommended)  Disabled
Scan only executable and other vulnerable files  Enabled
Scan files with no extension  Enabled
Windows Exclusions
Excluded items  None
Exclude remote files  Disabled
Mac Exclusions
Excluded items  None
Exclude remote files  Disabled
Linux/UNIX Exclusions
Excluded items  None
Exclude remote files  Disabled
Cleanup
Automatically clean up items that contain a virus/spyware  Enabled
Option if cleanup is not possible  Deny access only
Suspicious files  Deny access only

Sophos Live Protection

Feature  Setting
Enable Live Protection  Enabled
Automatically send sample files to Sophos  Disabled

Behavior Monitoring

Feature  Setting
Detect malicious behavior  Enabled
Detect malicious traffic  Enabled
Detect suspicious behavior  Enabled
Alert only, do not block suspicious behavior  Enabled
Detect buffer overflows  Enabled
Alert only, do not block  Disabled

Authorization (Manager)

Nothing is set by default in this section.

Messaging

Feature  Setting
Desktop messaging
Enable desktop messaging  Enabled
Virus/spyware detection and cleanup  Enabled
Suspicious behavior detection  Enabled
Suspicious file detection  Enabled
Adware and PUA detection  Enabled
Email alerting
Enable email alerting  Disabled
All other options  Grayed out
SNMP alerting
Enable SNMP messaging  Disabled
All other options  Grayed out
Event log
Enable event logging  Enabled
Virus/spyware detection and cleanup  Enabled
Suspicious behavior detection  Enabled
Suspicious file detection  Enabled
Adware and PUA detection and cleanup  Enabled
Scanning errors (e.g. access denied)  Disabled
Other errors  Disabled

Add scheduled scan

No scheduled scan is enabled by default, so these settings are not used until you set your first scheduled scan.

Feature  Setting
Local hard disks  Enabled
Floppy disk and removable drives  Disabled
CD drives  Disabled
Days when scan will run - Monday, Tuesday, Wednesday, Thursday, Friday  Enabled
Days when scan will run - Saturday, Sunday  Disabled
Time when scan will run  21.00
Scanning
Scan for - Adware and PUAs  Enabled
Scan for - Suspicious files  Enabled
Scan for - Rootkits  Enabled
Scan inside archive files (not recommended)  Disabled
Scan system memory  Enabled
Run scan at lower priority  Disabled
Cleanup
Automatically clean up items that contain a virus/spyware  Enabled
Option if cleanup is not possible  Log only
Suspicious files  Log only

Extensions and exclusions

Feature  Setting
Extensions
Scan all files (not recommended)  Disabled
Scan only executable and other vulnerable files  Enabled
Scan files with no extension  Enabled
Exclusions
No exclusion options are set by default for Windows, Mac, Linux or UNIX.


Default settings for Endpoint 9.x or Console 4.x policy

General

Feature  Setting
On access scanning - for viruses, etc.  Enabled
Scheduled scan  None

On-access scanning

Feature  Setting
Scanning
Scanning level  'Normal'
Scan inside archive files  Disabled
Scan for Macintosh viruses  Disabled
Scan for adware/PUA  Disabled / Enabled (Mac Standalone)
Scan for suspicious files (HIPS)  Disabled
On access scanning - On read  Enabled
On access scanning - On write  Disabled
On access scanning - On rename  Disabled
Allow access to drives with infected boot sectors (Removable media)  Disabled
Extensions
Scan all files  Disabled
Scan executable and infectable files  Enabled
Scan files with no extension  Enabled
Windows exclusions
Exclude remote files  Disabled
Mac exclusions
Exclude remote files  Disabled
Linux exclusions
Exclude remote files  Disabled
Cleanup
Automatically clean up items that contain a virus/spyware  Disabled
Option if cleanup is not possible  'Do nothing'
Suspicious files - default action  'Do nothing'

HIPS runtime behavior analysis settings

Feature  Setting
Detect suspicious behavior  Enabled
Detect buffer overflow  Enabled
Alert only  Enabled

Messaging

Feature  Setting
Desktop messaging
Enable desktop messaging  Enabled
Virus/spyware detection and cleanup  Enabled
Suspicious behavior detection  Enabled
Suspicious file detection  Enabled
Adware/PUA detection  Enabled
Email alerting
Enable email alerting  Disabled
All other options  Grayed out
SNMP alerting
Enable SNMP messaging  Disabled
All other options  Grayed out
Event log
Enable event logging  Enabled
Virus/spyware and cleanup  Enabled
Suspicious behavior detection  Enabled
Suspicious file detection  Enabled
Adware/PUA detection and cleanup  Enabled
Scanning errors (e.g. access denied)  Disabled
Other errors  Disabled

Authorization manager

Nothing is set by default in this section.

Add scheduled scan

No scheduled scan is enabled by default, so these settings are not used until you set your first scheduled scan.

Feature  Setting
Local hard disks  Enabled
Floppy disk and removable drives  Disabled
CD drives  Disabled
Days when scan will run - Monday, Tuesday, Wednesday, Thursday, Friday  Enabled
Days when scan will run - Saturday, Sunday  Disabled
Time when scan will run  21.00
Scanning
Scanning level  'Normal'
Scan inside archive files  Disabled
Scan for Macintosh viruses  Disabled
Scan for adware/PUAs  Enabled
Scan for suspicious files (HIPS)  Disabled
Cleanup
Automatically clean up items that contain a virus/spyware  Disabled
Option if cleanup is not possible, or not wanted  'Do nothing'
Automatically clean up adware/PUA  Disabled
Suspicious files  'Do nothing'

Extensions and exclusions

Feature  Setting
Extensions
Scan all files  Disabled
Scan executables and infectable files  Enabled
Scan files with no extension  Enabled
Exclusions
No exclusion options are set by default.

 
For more information or assistance, please contact technical support.
