This article describes the forms of suspicious detection reported by Sophos Endpoint Security and Control and what to do when you encounter them.
Applies to the following Sophos products and versions: Sophos Endpoint Security and Control
Sophos Endpoint Security and Control provides two forms of suspicious detection:
Note: When Sophos Endpoint Security and Control is first installed, Suspicious Behavior protection is in alert-only mode.
When blocking of Suspicious Behavior and files is enabled, an endpoint will
However, Endpoint Security and Control will only indicate that the file or behavior may be a threat, as in some cases it may turn out to be a clean and legitimate file. You will need to look at the file and determine whether you want to continue to block it, or to authorize it.
Do one of the following:
For more information about how to configure the scanning and detection of suspicious behavior and suspicious files, and how to authorize or block these programs and files, refer to the Sophos Endpoint Security and Control Help.