Prevent suspicious behavior

Important: If a management console is used to administer Sophos Endpoint Security and Control on this computer, it may override any changes you make here.

Suspicious behavior detection watches all system processes for signs of active malware, such as suspicious writes to the registry or file copy actions. It can be set to warn the administrator and/or block the process.

If you are a member of the SophosAdministrator group, you can change the settings for detecting and reporting suspicious behavior:

  1. Click Home > Anti-virus and HIPS > Configure anti-virus and HIPS > Configure > Behavior monitoring .
  2. In the Configure Behavior Monitoring dialog box, select the Enable behavior monitoring check box.
  3. Select the Detect malicious behavior check box.
  4. To alert the administrator and block suspicious processes, select the Detect suspicious behavior check box.
  5. To alert the administrator, but not block suspicious processes, select the Alert only, do not block suspicious behavior check box.

For the strongest protection, we advise you to scan for suspicious files. For more information, see the following topics: