Suspicious behavior detection watches all system processes for signs of active malware, such as suspicious writes to the registry or file copy actions. It can be set to warn the administrator and/or block the process.
If you are a member of the SophosAdministrator group, you can change the settings for detecting and reporting suspicious behavior: