Sophos Anti-Virus: managing the detection of suspicious files and behavior
Sophos Anti-Virus provides two new forms of detection:
- Suspicious file detection indicates files that have characteristics commonly, though not uniquely, found in malware.
- Suspicious behavior detection indicates files that are exhibiting behavior commonly, though not uniquely, found in malware.
Note: When Sophos Anti-Virus is first installed, suspicious behavior is handled in alert-only mode.
When blocking of suspicious behavior and files is enabled, Sophos Anti-Virus will:
- block a file that it detects as a suspicious file. You will need to authorize that file if you want it on your system.
- alert you when it has detected what may be suspicious behavior.
However, Sophos Anti-Virus only indicates that the file or behavior may be a threat; in some cases the file may turn out to be clean and legitimate. You will need to look at the file and determine whether you want to continue to block it or to authorize it.
What to do
Do one of the following:
For more information about how to configure the scanning and detection of suspicious behavior and suspicious files, and how to authorize or block these programs and files, refer to the Sophos Endpoint Security network startup guide and the Enterprise Console user manual.
If you need more information or guidance, then please contact technical support.
- Article ID: 23949
- Created: 13 Mar 2007
- Last updated: 10 Oct 2008
