This article describes the Sophos LiveProtection functionality.
Known to apply to the following Sophos product(s) and version(s): Sophos Anti-Virus for Linux v9
Operating systems: Linux
LiveProtection is a new feature for the Linux endpoint in Sophos Anti-Virus for Linux v9.
Live Protection improves detection of new malware without the risk of unwanted detections. This is achieved by doing an instant lookup against the very latest known malware. When new malware is identified, Sophos can send out updates within seconds.
If the anti-virus scan on an endpoint computer has identified a file as suspicious but cannot further identify it as either clean or malicious based on the threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.
The in-the-cloud checking performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.
Enabling LiveProtection for a standalone endpoint

To turn on Live Protection, type:

/opt/sophos-av/bin/savconfig set LiveProtection true
Enabling LiveProtection from Enterprise Console (for managed endpoints)

In the Enterprise Console, for the relevant 'Anti-Virus and HIPS' policy, select the 'Enable Sophos LiveProtection' checkbox.
Note: The 'Automatically send samples to Sophos' option is not currently applicable to Linux endpoints.