Default anti-virus scanning options for Sophos Cloud

  • Article ID: 119637
  • Rating:
  • 2 customers rated this article 3.0 out of 6
  • Updated: 10 Apr 2015

This article details the default anti-virus policy options for both User based and Server based policies:

Applies to the following Sophos product(s) and version(s)
Sophos Cloud

For real-time scanning, the following options are enabled:

  • Scan on read
  • Scan on rename
  • Scan on write
  • Scan system memory
  • Scan remote files
  • Auto clean-up (if clean-up fails, then deny access)
  • Scan for malicious behaviour
  • Malicious URL protection
  • Download scanning
  • Potentially Unwanted Application (PUA) scanning
    • PUAs are blocked by default.  Once detected you will need to either authorize the application in policy or clean up the application from the Dashboard.
  • Scans executable files (does not unnecessarily scan files which cannot infect a computer)
  • Sophos Live Protection

The following are disabled:

  • Allow access to boot sector
  • Scan inside archives (Items extracted from the archive will be scanned in real-time regardless of this setting.  In addition to this the scheduled scan can be configured to scan within archives to search for dormant infected files. This can add significant processing overhead so it is not included in real-time scanning.)
  • Scan for/detect suspicious files (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Detect suspicious behaviour (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Buffer overflow detection(malicious behaviour detection provides protection against new (“day zero”) malware)

For scheduled scanning:

This has the same settings as the real-time scanning. It has the following scheduled scan specific settings enabled:

  • Scan for rootkits
  • Low priority scan
  • Scanning inside archives can be enabled


  • For user based policies no scheduled scan is created by default. For server based policies a default weekly scan is configured to run at 00:00.
  • For server based policies where the option 'Automatically exclude activity by known applications' has been checked, see article 121461 for details on the automatically configure exclusions.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent