Sophos Anti-Virus
Managing the Detection of Suspicious Files and Behavior
Sophos Anti-Virus provides two forms of detection:
- Suspicious file detection indicates files that have characteristics commonly, though not uniquely, found in malware.
- Suspicious behavior detection indicates files that are exhibiting behavior commonly, though not uniquely, found in malware.
Note: When Sophos Anti-Virus is first installed, suspicious behavior is handled in alert-only mode.
When blocking of suspicious behavior and files is enabled, Sophos Anti-Virus will:
- Block a file that it detects as a suspicious file. You will need to authorize that file if you want it on your system.
- Alert you when it has detected what may be suspicious behavior.
However, a detection only indicates that the file or behavior may be a threat; in some cases it turns out to be a clean and legitimate file. You will need to examine the file and decide whether to continue blocking it or to authorize it.
When a suspicious file is detected
- From the Quarantine manager, select an item listed in the display.
- Click Perform action.
- Choose either Authorize or Clean up from the drop-down menu.
- You will be prompted to confirm; choose Yes or Yes To All.
- When complete, you will see the Quarantine Actions confirmation screen.