Skip to content

Antivirus configuration (Mobile Threat Defense policy for Android)

With the Antivirus configuration you manage the malware protection settings of Sophos Intercept X for Mobile.

When you assign this configuration to a device, the corresponding settings in Sophos Intercept X for Mobile are disabled. The user can’t change them.

Setting Description
Update mode Select when Sophos Intercept X for Mobile loads the latest malware information from the Sophos server.
Scheduled scan interval Select how often malware scans are performed.

If you select Daily while charging, a scan is performed when the device is connected to a power supply for more than 30 minutes.

Scan system apps Scan system apps.

System apps aren’t scanned by default because they are protected by the Android OS and because the user can’t uninstall them.

Scan storage Scan all files on internal shared storage, SD card, and connected USB devices for threats, in addition to the default scanning of all installed apps.
Detect PUAs Scan for Potentially Unwanted Applications (PUAs).

PUAs are apps that, while not malicious, are generally considered unsuitable for business networks. PUAs include adware, dialers, system monitors, remote administration tools, and hacking tools. However, certain apps that can fall into the PUA category might be considered useful by some users.

Enable user to allow PUAs Users can allow an app that was classified as PUA. Allowed apps are ignored in subsequent scans.
Mode Select how to deal with low reputation apps:

Allow: Turn off scanning for low reputation apps.

Warn: Display a warning on the device when a low reputation app is detected. Users can choose how to deal with the app. They can add it to a list of allowed apps so that no further warning is displayed if this app is detected.

Block: The user can’t start low reputation apps.

Scan notification When an app is scanned after installation, Sophos Intercept X for Mobile creates a notification.

If the check box is cleared, no notifications are created for clean apps.

Monitor storage Monitor internal shared storage, SD card, and connected USB devices for changes. When new files are stored in these locations, they are scanned.
App group Select a group of apps you want to exclude from low reputation warnings.

Warning: Sophos Intercept X for Mobile detects low reputation apps by their identifier. When you add a legitimate app to the group, Sophos Intercept X for Mobile also ignores apps that maliciously use the same identifier. We recommend that you keep this group small, only adding legitimate apps that would otherwise raise a low reputation warning.