2. Further Configuration and Setting up Manual and Scheduled Scans

2.1. General Sophos Settings

The Sophos clients that OUCS distributes come with a preset standard configuration. The default actions are:

  • Clean up virus-infected files. If this fails it will move them to a special folder: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED (Windows XP) or C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED (Windows 7 and Vista).
  • A weekly full scan of your C: drive is scheduled to run at 21:00 on Wednesdays.
  • Web Protection is enabled

If you wish to change any Sophos client settings you may do so. This section covers some common configuration changes including configuring and running manual scans. For full details, refer to the built-in Help in the Sophos EndPoint Security and Control program.

Open Sophos and you will see the following screen. Note particularly the greyed out Home button near the top of the window under the [Help] menu. You can use this button from other Sophos screens to return to this main window.

Sophos front page

Choose the option Configure anti-virus and HIPS.

A new screen will open showing the different configuration settings available.

Configuration screen

Click on the first option [On-access scanning] under the Configure heading to open the On-access scanning configuration screen.

The options on the Scanning tab control whether on-access scanning is enabled together with when Sophos will check files (i.e. on read, on write etc.). For version 10 of Sophos files are checked On read, On write and On rename.

on access scanning settings

The Scan for section of this tab specifies what type of malware Sophos checks for. By default Sophos is configured to scan for malware including viruses but will not check for Adware and PUAs (potentially unwanted applications) or Suspicious files. This is because some legitimate software can be detected if these options are enabled. Enabling these options is more thorough but may also detect legitimate software. If you do want to enable them we recommend that you first do a manual scan of your computer for Adware and PUAs and/or Suspicious files. You can then authorise any any legitimate software that is detected as supicious or a PUA before you enable detection of these files via On-access scanning. To authorise legitimate software use the [Anti-Virus/Authorization...] option on the [Configure] menu.

The settings on the Cleanup tab allow you to configure the options for removing malware.

Cleanup tab settings

If you change any settings then click the Apply button followed by the OK button to close the configuration window. You will return to the main configuration page.

2.2. Configuring, Running and Scheduling Scans

2.2.1. Configuring a new scan

Sophos provides automatic on-access scanning which gives you constant protection against viruses in any files, emails etc. that you are actually using. In addition, you can perform on-demand scans of either your whole hard disk(s) or just selected sections.

On-demand scans can be run manually, or you can schedule them to run at a particular time and on particular days of the week. The preconfigured package provided is configured to run a scan every Wednesday at 9pm. You can't edit this scan but you can delete it and set up your own scan.

To configure scans first return the the Sophos main page by clicking on the Home button near the top of the window under the [Help] menu. Now click on the Scans icon.

Scans icon

The scan configuration page will open. Under Available scans you should see the preconfigured Wednesday 9pm Scan that has been set up for you.

Scans window

To start a scan of your whole computer click on the Scan my computer icon (this option is also on the home page.)

Scan my computer icon

To configure your own scan(s), first select the Set up a new scan icon from the Scans page.

Set up a new scan
Settings for your own scan

From here you can choose what files or folders the program will scan for you. In this example on Windows 7, Sophos has been configured to scan My Documents. In the Scan name box, add a name e.g. My Documents Scan.

Next, select the Configure this scan option near the bottom of the window. A new window, Individual scan settings, will open. The Cleanup tab will allow you to specify what Sophos does it it finds any malware. The options on both the Scanning and the Cleanup tabs are very similar to those outlined in section 2.1. General Sophos Settings.

Scan-specific configuration options.

Once you have configured your scan , save the new scan settings. This new scan will be added to the front page in the Available Scans box:

List of available scans created by the user

To start the scan, click on the Start button next to the name of the scan. Sophos will then scan the files and directories specified when it was configured.

2.2.2. Scheduled scans

Saved scans can be scheduled to run automatically on your machine. NB. You cannot save a scheduled scan if you do not have a password set to log on to your machine. For advice on passwords and password security please see the OUCS Password pages.

  1. From the Available Scans listing on the front page, open a saved scan by selecting it from the list and then clicking on Edit. The scan configuration page will open.
  2. Click on the Schedule this Scan option near the bottom of the window.
  3. A new screen will open. Initially all options are greyed out, but these are enabled by clicking the Enable schedule checkbox. Sophos adds default values when this is first enabled.

  4. Change the default settings to those that you require. In our example, the scan is scheduled to run every weekday at 21:00.

    Schedule a scan screen

    Type the username and password you use to log onto the machine into the boxes provided. Click OK to save the new schedule.

  5. The scan will run automatically at the day and time specified. Note that if your computer is turned off at the time when the scan is supposed to run then it simply will not run.

2.2.3. Running a scan

To run the general virus scan, return to the main Sophos window (use the Home button under the [Help] menu) and select the Scan my computer icon. This will immediately start a full scan of your system.

Scan my computer

To run a saved scan, select the Scans option on the main Sophos window to view the list of available scans. Select a scan from the list and then click on the Start button. Note that you cannot do this for the preconfigured Wednesday 21:00 scan.

Once a scan has started you will see the following screen:

Picture shows a scan in process

Click the More button to see if any viruses have been found on your system during the scan. At the end of the scan you will see a summary of the results:

Scan results summary

Up: Contents Previous: 1. Installing and Updating Sophos