You can apply enhanced email content scanning.
Sophos Home scans downloaded programs in real time and analyzes data from questionable websites and servers you come across to detect and remove malware, exploits and vulnerabilities. Plus, Sophos Home Premium stops cybercriminals from stealing your information by encrypting your keystrokes and blocking dangerous phishing sites. Sign in to Sophos Home dashboard. Select the computer where you need to make the exclusion. Click on the PROTECTION - General - Exceptions to enter your exclusions. Enter the file or folder name in the field then press enter. Sophos HIPS Test Files. These files enable testing and demos of Sophos behavior protection (HIPS) feature for endpoint products. The executable is a harmless file that will trigger a behavior-based Sophos detection HPmal/Eicar-A. Sophos HIPS Test (zip) Sophos HIPS Test (exe) Adult or Sexually Explicit. Free sophos home antivirus download includes a 30 day trial of Sophos Home Premium, with ransomware security, advanced phishing protection and more.
Upon completion, the scan will appear on your Sophos Home Dashboard under New Activity tab: Running a scan using the Sophos Home main window. The Scan Computer button performs a full system scan on Sophos Home free version, and a quick scan for Sophos Home premium version. Double-click on the Sophos Home shield on the system tray.
Enhanced content and file property scan
This is our highest level of protection against email malware. It is on by default.
This setting applies to inbound and outbound messages.
Un-scanned emails
You can choose what happens to messages that cannot be scanned. The available actions are:
- Quarantine
- Delete
- Tag subject line
This setting applies to inbound messages only.
There are various reasons we may not be able to scan specific messages:
- Inability to access the file: The file is identified correctly, but the software can't access the file to decompress or scan it.
- Corrupt file: The file is corrupt, which means it cannot be accessed.
- Correct identification of a file, but unexpected content is encountered: The file is correctly identified and access is granted, however unexpected content is found. The antivirus scan process produces an error.
- Scanner times out: The antivirus scanner times out when attempting to scan. There are several reasons this can occur. Some examples are, when a file is compressed in lots of nested levels and when the antivirus scanner exceeds the scan time limit.
- Large compressed attachment: If a compressed attachment is too large, it cannot be scanned. It may be that the attachment is nested within too many levels of compression, the compressed files included are too large or there are too many compressed files within the attachment.
These are just some examples. There may be other reasons.
Email addresses and domains that you add to the Inbound Allow/Block list and Sophos encrypted emails won't be scanned.
Time of Click URL Protection
This is available with an Email Advanced license only and is turned on by default.
When Time of Click URL Protection is enabled, URLs contained within inbound messages are rewritten so that they point to Sophos Email instead of the original destination.
When the link is clicked, Sophos Email performs an SXL lookup, and if it is malicious it is blocked. If the URL is clean, the action taken when you click the link will depend on what you have specified in the policy. For example, if you have set medium risk websites as allowed, once the link has been checked and has been classified as not malicious, the link will take you to the original link destination.
The domain name will be displayed at the start of the rewritten URL so that you can see where the link will send you, if allowed. For example d=domain.com.
You can select the action you want to take for websites with the following reputation levels:
- High risk: Includes illegal sites, sites containing malware and phishing sites.
- Medium risk: Includes sites associated with spam and anonymizing proxies.
- Unverified: The reputation of the website can't be verified.
You can't allow high risk websites.
You can also control whether URLs are rewritten in plain text messages and within securely signed messages:
- Plain text messages: refers to emails with no HTML formatting. Without HTML formatting, when URL rewriting is enabled, the entire encoded URL will display in the email. You can bypass URL re-writing in these messages by deselecting the Re-write URLs in plain text messages. option.
- Securely signed messages: URL rewriting may break the signatures of S/MIME, PGP, and DKIM signed messages. You can bypass URL re-writing in these messages by deselecting the Re-write URLs within securely signed messages. option.
Sophos Online Scanner
Sandstorm
This is available with an Email Advanced license only and is turned on by default.
Sandstorm sends emails that may contain active malicious content to an isolated virtual environment where they are opened and checked. If emails are found to be malicious, they are removed.
When Sandstorm is enabled, you can select your preferred sandbox location.
Messages that may be malicious will run in a virtual environment for closer inspection.
Messages that are clean are delivered as normal. Messages that contain advanced threats are discarded.
Impersonation Protection
This is available with an Email Advanced license only and is turned on by default.
Sophos Scan Stuck
This feature detects emails that pretend to be from well-known brands, or from very important people (VIPs) in your organization.
Choose the action taken when emails are detected by this feature.
In summary reports, these emails are labeled as advanced threat.
You can add email addresses for VIPs in VIP management.