Configure on-access scanning

CAUTION: On-access scanning may not detect viruses if certain encryption software is installed. Change the startup processes to ensure that files are decrypted when on-access scanning begins. For more information on how to use anti-virus and HIPS policy with encryption software, see Sophos support knowledgebase article 12790 http://www.sophos.com/en-us/support/knowledgebase/12790.aspx.
Important: If a management console is used to administer Sophos Endpoint Security and Control on this computer, it may override any changes you make here.
By default, Sophos Anti-Virus detects and cleans up the following threats during an on-access scan:
  • viruses
  • Trojans
  • worms
  • spyware

To configure on-access scanning:

  1. Click Home > Anti-virus and HIPS > Configure anti-virus and HIPS > Configure > On-access scanning .
  2. To change when on-access scanning occurs, under Check files on, set the options as described below.
    Option Description
    Read Scan files when they are copied, moved, or opened.
    Rename Scan files when they are renamed.
    Write Scan files when they are saved or created.
  3. Under Scan for, set the options as described below.
    Option Description
    Adware and PUAs Adware displays advertising (for example, pop-up messages) that may affect user productivity and system efficiency.

    PUAs (Potentially Unwanted Applications) are not malicious, but are generally considered unsuitable for business networks.
    Suspicious files Suspicious files exhibit a combination of characteristics that are commonly, but not exclusively, found in viruses.
  4. Under Other scanning options, set the options as described below.
    Option Description
    Allow access to drives with infected boot sectors Turn on this option to allow access to an infected bootable removable medium or device such as a bootable CD, floppy disk, or USB flash drive.

    Use this option only if advised to by Sophos technical support.

    See also the Troubleshooting topic Allow access to drives with infected boot sectors.
    Scan all files We recommend that you leave this option turned off, as it will affect computer performance adversely. You should scan all files only during a weekly scan.
    Scan inside archive files Turn on this option to scan the contents of archives or compressed files. You need to do this only if you download and distribute such files without extracting the contents.

    We recommend that you leave this option turned off, as it makes scanning significantly slower.

    You will still be protected against any threats in archives or compressed files, as any components of an archive or compressed file that may be malware will be blocked by on-access scanning:

    • When you open a file extracted from the archive file, the extracted file is scanned.
    • Files compressed with dynamic compression utilities such as PKLite, LZEXE, and Diet are scanned.
    Scan system memory Turn on this option to automatically run an hourly background scan that detects malware hiding in the computer's system memory (the memory that is used by the operating system).
    Note: This option is available only on 32-bit operating systems.