Sophos Anti-Virus

Managing the Detection of Suspicious Files and Behavior

Sophos Anti-Virus provides two forms of detection:

  • Suspicious file detection indicates files that have characteristics commonly, though not uniquely, found in malware.
  • Suspicious behavior detection indicates files that are exhibiting behavior commonly, though not uniquely, found in malware.

Note: When Sophos Anti-Virus is first installed, suspicious behavior is handled in alert-only mode.

When blocking of suspicious behavior and files is enabled, Sophos Anti-Virus will:

  • Block a file that it detects as a suspicious file. You will need to authorize that file if you want it on your system.
  • Alert you when it has detected what may be suspicious behavior.

However, a detection only indicates that the file or behavior may be a threat; in some cases the file turns out to be clean and legitimate. You will need to look at the file and determine whether you want to continue to block it or to authorize it.

When a suspicious file is detected

  • From the Quarantine manager, select an item listed in the display.
  • Click Perform action.
  • Choose either Authorize or Clean up from the drop-down menu.
  • When prompted to confirm, choose Yes or Yes To All.
  • When the action is complete, you will see the Quarantine Actions confirmation screen.