About Sophos Live Protection

Sophos Endpoint Security and Control

Sophos Live Protection decides whether a suspicious file is a threat and, if it is a threat, takes immediate action as specified in the Sophos Anti-Virus cleanup configuration.

Sophos Live Protection improves detection of new malware without the risk of unwanted detections. It does this by performing an instant lookup against the very latest known malware. When new malware is identified, Sophos can send out updates within seconds.

Sophos Live Protection uses the following options:

  • Enable Live Protection

    If the anti-virus scan on an endpoint computer has identified a file as suspicious, but cannot further identify it as either clean or malicious based on the threat identity (IDE) files stored on the computer, certain file data (such as its checksum and other attributes) is sent to Sophos to assist with further analysis.

    The in-the-cloud checking performs an instant lookup of a suspicious file in the SophosLabs database. If the file is identified as clean or malicious, the decision is sent back to the computer and the status of the file is automatically updated.

  • Automatically send sample files to Sophos

    If a file is considered suspicious, but cannot be positively identified as malicious based on the file data alone, you can allow Sophos to request a sample of the file. If this option is enabled, and Sophos does not already hold a sample of the file, the file will be submitted automatically.

    Submitting sample files helps Sophos to continuously enhance detection of malware without the risk of false positives.