This article lists the recommended threat protection policy settings for Sophos central managed endpoints. Threat protection keeps you safe from malware, risky file types and websites, and malicious network traffic. The following sections are covered:
Applies to the following Sophos products and versions Sophos Central Admin
Click Use Recommended Settings if you want to use the settings Sophos recommends. These provide the best protection you can have without complex configuration. If Sophos changes recommendations in the future, the threat protection policy will be updated automatically with new settings.
Live Protection checks suspicious files against the latest malware in the SophosLabs database.
Deep learning uses advanced machine learning to detect threats. It can identify known and previously unknown malware and potentially unwanted applications without using signatures. Deep learning is only available with Sophos Intercept X.
Real-time scanning scans files as users attempt to access them, and denies access unless the file is clean. Local files are scanned by default.
Real-time scanning scans internet resources as users attempt to access them.
Sophos Central will try to clean up detected malware automatically.
Runtime protection protects against threats by detecting suspicious or malicious behavior or traffic.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.