TU Berlin

Configuration of Sophos Anti-Virus

On the one hand, Sophos can be conveniently installed and even configured from a Windows server. This is particularly convenient in Windows domains, where the domain administrator usually has full access to the client computers. In such cases the domain administrator can configure the Sophos settings centrally and should proceed with caution.
On the other hand, there are many workstations where Sophos can only be installed manually, for example because they are not part of a domain. Unfortunately, users tend to forget to adjust the standard Sophos configuration. Adjusting it is highly recommended, since the default settings are not sufficient: by default, neither disinfection nor removal of virus-infected files is performed.
The following instructions present the most important points of a Sophos configuration on Windows.
During installation two local groups are created: "SophosAdministrator" and "SophosUser". The local "Administrator" group is a member of "SophosAdministrator", so every local Windows administrator is also a Sophos administrator who can make all required changes.
The group "SophosUser" includes all local Windows users. They can use Sophos Anti-Virus as an application, which allows them to scan the local hard disk drive for viruses or set up their own scans for certain drives or directories.
As mentioned before, one has to differentiate between settings that can be configured by an administrator and those that can be configured by all users.
First we will discuss the administrator settings. Only the administrator has access to the configuration of "On-Access Scan" and "On-Demand Addons and Exceptions", and is the only one who can configure time-based scans and notifications/logs. Each of these areas is administered separately and independently of the others.
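
To see who can actually change these settings on a given workstation, the following PowerShell sketch (an added example, not part of the original TU Berlin instructions) lists the members of the two local groups named above. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and it matches the Administrators group by its well-known SID so that it also works on a German-language Windows.

```powershell
# Added example: audit who may reconfigure Sophos on this machine.
# Group names are the ones given on this page; adjust them if your
# Sophos version names its local groups differently.
$adminsSid = 'S-1-5-32-544'  # well-known SID of the built-in Administrators group

function Get-SophosGroupReport {
    param([string[]]$Groups = @('SophosAdministrator', 'SophosUser'))

    foreach ($name in $Groups) {
        $group = Get-LocalGroup -Name $name -ErrorAction SilentlyContinue
        if (-not $group) {
            # Group absent: Sophos not installed, or the groups are named differently
            [pscustomobject]@{
                Group = $name; Member = '(group missing)'
                Class = ''; Source = ''; Note = 'check installation'
            }
            continue
        }
        foreach ($m in Get-LocalGroupMember -Group $name) {
            $note = ''
            # Per this page, the expected member is the local Administrators group.
            # Anything else was added by hand and deserves a look.
            if ($name -eq 'SophosAdministrator' -and $m.SID.Value -ne $adminsSid) {
                $note = 'explicit member besides local Administrators: review'
            }
            [pscustomobject]@{
                Group = $name; Member = $m.Name
                Class = $m.ObjectClass; Source = $m.PrincipalSource; Note = $note
            }
        }
    }
}

Get-SophosGroupReport | Format-Table -AutoSize

# Every account listed here is a Sophos administrator through group nesting
# and can therefore change exclusions, disinfection and notification settings.
Get-LocalGroupMember -SID $adminsSid |
    Select-Object Name, ObjectClass, PrincipalSource
```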

1 Administrator Settings

1.1 On-Access Scan

The on-access scan is executed when a file is accessed for reading and/or writing; the access type (read, write, rename) can be configured. By default the on-access scan is activated for read access. There is nothing wrong with that.

Under "Erweiterungen" you can specify which files are to be scanned. By default an editable list with certain file types such as bat, exe, doc or similar is set. This list can be used and extended. You may also consider scanning all files. You can also scan archives (see tab "Überprüfung"), which is deactivated by default. Sophos recommends deactivating the scanning of archives since it slows down the scan process. Moreover, Sophos points out that the unpacked files of an archive will be scanned upon access. This only applies if the on-access scan is activated, which should usually be the case.

The tab "Ausnahmen" can be used to exclude objects like drives, folders or files from the scan procedure. This may be necessary for databases which are slowed down by Sophos.


The tab "Desinfektion" is important: here you should select "automatische Desinfektion" as well as the removal or moving of infected files which cannot be disinfected.

1.2 On-Demand Scan

The On-Demand Scan is a scheduled or user-initiated virus scan. Either the whole hard disk, a drive or a folder will be scanned. Using the configuration "On-Demand-Erweiterungen und -Ausnahmen" you can set the global settings for scanning. Here you can specify which file types are to be scanned. Moreover, you can define exceptions. In conclusion, you should choose settings similar to those of the on-access scan configuration.

1.3 Setup of a Scheduled Scan

Only a Sophos administrator can configure a scheduled scan. This may be suitable for servers which are used in daytime so that a complete scan only makes sense in the evening or at night.

As already mentioned, the global settings of the on-demand scan apply. You can, however, still edit or override these settings for the scheduled scan. This applies to: the intensity of the scan, the scan objects (e.g. archives or all files) and how the disinfection is conducted. A scan of all files with normal intensity and automatic disinfection (or moving or removal of non-disinfectable files) is recommended.

1.4 Notification

It is recommended to use the e-mail notification for reporting errors or virus events, especially if the administrator is not a user of the computer.

After starting Sophos Anti-Virus as Sophos administrator and selecting the option "Sophos Anti Virus konfigurieren" -> "Benachrichtigung", you will find a tab "E-Mail-Benachrichtigung".

Here you can activate the notifications and enter the e-mail addresses of the persons who are to be informed and the types of notifications. Using "SMTP konfigurieren..." you can specify the outgoing mail server. For TU Berlin it is "mailbox.tu-berlin.de".

1.5 Configure Logs

The default settings for logging are: normal log type, and archiving and compression of the logs, with a maximum of 4 archives stored, each including all log files of a month. This should usually be sufficient.

Now we will discuss the adjustments which can be made by Sophos users.

2 User Settings

2.1 Setup of a Scan

Every member of the group "SophosUser" can set up his/her own scan. It is possible to configure which folders are to be scanned. Additionally you can select the scan intensity, the file types (archives or all files) and the disinfection type.

2.2 Right-click Scan

Furthermore, members of "SophosUser" can activate the right-click scan, which allows single files to be scanned from Windows Explorer. The corresponding settings are found here: "Konfigurieren" -> "Überprüfung bei Rechtsklick...".

Here you should select "alle Dateien" and configure the disinfection type. We recommend using "Automatische Desinfektion" and, in emergency cases, removal or moving of an infected file.

