Sophos Anti-Virus for Windows 2000+: authorizing suspicious items
When Sophos Anti-Virus for Windows 2000+, version 7 and above, displays an alert about a suspicious file or suspicious behavior, you can authorize the item either for the individual computer or for a group of computers on your network.
What to do
When you receive an alert about a specific file or program, you must decide whether to authorize it. The desktop alert on the local computer and the 'Alert and error details' tab in Enterprise Console both provide a link to more information about the potential threat.
To allow a group of users on your network to open the file or program, use Enterprise Console to authorize it. To allow access on this one computer only, authorize the file or program on the local computer.
1. Authorizing suspicious items in Enterprise Console
- Check which anti-virus and HIPS policy is used by the group(s) of computers you want to allow to access the item:
  - Find the group in the Groups pane.
  - Right-click and select 'View group policy details'.
- In the Policies pane, double-click 'Anti-virus and HIPS'.
- Double-click the policy you want to change.
- In the 'Anti-virus and HIPS policy' dialog box, click 'Authorization'.
- In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
- Find the file or program that has been detected and move it from the 'Known' list to the 'Authorized' list.
- Click 'OK'.
2. Authorizing suspicious items on the local computer
- If it's displayed, right-click the Sophos Shield and select 'Open Sophos Antivirus' (or go to Start|Programs|Sophos|Sophos Anti-Virus and select 'Sophos Anti-Virus').
- Select 'Configure Sophos Anti-Virus'.
- Select 'Authorization'.
- In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
- Find the file or program that has been detected and move it from the 'Known' list to the 'Authorized' list.
- Click 'OK'.
Note: When it is first installed, Sophos Anti-Virus, version 7 and above, runs in alert-only mode. Items found are not blocked, but can be dealt with in Quarantine Manager. See the rollout guide for more information.
If you need more information or guidance, then please contact technical support.
- Article ID: 25227
- Created: 10 May 2007
- Last updated: 13 Oct 2008
