Sophos Endpoint Security and
Control restricts access to certain parts of the software to
members of certain Sophos groups.
When
Sophos Endpoint Security
and Control is installed, each user on this computer is
initially assigned to a Sophos group depending on their Windows
group.
Windows group |
Sophos group |
Administrators |
SophosAdministrator |
Power
Users |
SophosPowerUser |
Users |
SophosUser |
Users who are not assigned to a Sophos group,
including Guest users, can only perform the following tasks:
-
On-access scanning
-
Right-click scanning
SophosUsers
SophosUsers can perform the tasks above and also
perform the following tasks:
-
Open the Sophos Endpoint Security and
Control window
-
Set up and run on-demand scans
-
Configure right-click scanning
-
Manage (with limited privileges) quarantined items
-
Create and configure firewall rules
SophosPowerUsers
SophosPowerUsers have the same rights as SophosUsers,
with the addition of the following rights:
-
Greater privileges in Quarantine manager
-
Access to Authorization manager
SophosAdministrators
SophosAdministrators can use and configure any part
of
Sophos Endpoint Security and
Control.
Note: If
tamper protection is enabled, a SophosAdministrator must know the
tamper protection password to perform the following tasks:
-
Configure on-access scanning.
-
Configure suspicious behavior detection.
-
Disable tamper protection.
For more information, see
About tamper protection on this computer.