In this section

• Home
• Support
• Knowledgebase
• Articles

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Sophos Control Center: configuring on-access scanning

From Sophos Control Center, you can configure on-access scanning for computers on your network so they will report and deal with virus infections.

You can also configure on-access scanning locally on individual computers. Full details can be found in the Sophos Anti-Virus user manuals:

• in the Sophos Anti-Virus for Windows 2000+ version 6.0 and above manual, refer to the section 'Changing when on-access scanning occurs'.
• in the Sophos Anti-Virus for Windows 98/Me version 4.5 and above manual, refer to the section 'On-access scanning: Selecting what is scanned'.

By default, on-access scanning is installed and enabled on all computers. The default configuration for on-access scanning

• enables on-read scanning
• scans at 'Normal' level
• uses the default file extensions list
• does not either disinfect or delete files.

These settings can be changed.

What to do

Editing your on-access scanning settings

1. In Sophos Control Center left-hand pane, select 'Configure scanning'.
2. If necessary, select 'Enable on-access scanning'.
3. Click 'On-access'.

The 'On-access scan settings' options are displayed in tabbed pages.

On-access scanning behavior

These options are available in the Scanning tab.

• On read
  To check files when they are opened, select 'On read'. This option should be used on all workstations and most other computers.
• On write
  To check files when they are written to a computer, either by that computer, or by another computer, select 'On write'. This option should be used where there is any danger of something spreading to shared folders across the network.
• On rename
  Where necessary, use this in conjunction with 'On write' scanning.

Disinfecting and removing files

These options are available for selection in the Cleanup tab. No confirmation is asked for before any of these actions is taken.

• Automatic disinfection
  Select 'Automatically clean up items that contain a virus', to implement on-access disinfection of macro viruses, and boot sector viruses on floppy disks, for Windows and Mac OS X computers. This will also disinfect some executable (program) file viruses on Windows 2000/XP/2003 computers. For Windows 98/Me, use a scheduled scan to disinfect executable files.
  If you regularly use on-access disinfection, you should check the logs for your computers and ensure that you are aware of any potential side-effects caused by the viruses that have been removed.
• Other actions against infected files
  You should usually use the 'Do nothing' option, as in some circumstances 'Remove' might delete a (multiply infected) file that could have been disinfected. These options are not available for Windows 98/Me.
  • During a worm outbreak, using 'Remove' in conjuction with 'On write' can prevent the worm spreading futher across network shares.
  • If infected files are moved, they can no longer be started by the operating system. However, you can still recover them and disinfect them. Some viruses will replace any of their files that have been deleted (e.g. W32/Sober-B), so moving is sometimes useful.

Extensions and exclusions

For information on configuring the Extensions and Exclusions tabbed pages, see Sophos Control Center Help.

If you need more information or guidance, then please contact technical support.

• Article ID: 22069
• Created: 15 Dec 2006
• Last updated: 11 Jan 2007

Rate this article Choose a rating Very useful Quite useful Moderately useful Not very useful Not useful at all

•  Read our search tips
• Contact one of our experts
• Suggest an improvement