This article provides information on Sophos Malicious Traffic Detection.
What is the Sophos Malicious Traffic Detection?
Some complex malware communicates with remote servers to receive further instructions or updates, or to upload or download additional files.
The Sophos Malicious Traffic Detection is a component that monitors HTTP traffic for signs of connectivity to known bad URLs, such as Command and Control servers. Detecting this traffic is an early indicator that a new piece of malware may be present. This also helps collect samples, which enables Sophos Labs to write specific detections.
What traffic is checked?
All HTTP traffic from non-browser applications is checked.
Does it also monitor browser traffic?
No. The web protection does that.
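To illustrate the behaviour described above (non-browser HTTP traffic checked against a list of known bad hosts, browser traffic left to web protection), here is an added, self-contained model of that check. It is not Sophos code: the request records, the browser process list and the known-bad hosts are constructed for the example.

```python
from dataclasses import dataclass

# Processes whose traffic is handled by web protection, not by this check (constructed list).
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "safari", "iexplore.exe"}

# Constructed placeholder indicators; a real list would come from the vendor's feed.
KNOWN_BAD_HOSTS = {"c2.example-bad.invalid", "update.example-bad.invalid"}

@dataclass(frozen=True)
class HttpRequest:
    process: str   # process that made the request (constructed record format)
    host: str      # destination host, possibly with :port
    path: str      # request path

def normalise_host(host: str) -> str:
    """Lower-case the host, drop a :port and a trailing dot so it matches the list."""
    return host.strip().lower().split(":", 1)[0].rstrip(".")

def is_known_bad(host: str) -> bool:
    """True if the host or any parent domain is on the known-bad list."""
    labels = normalise_host(host).split(".")
    return any(".".join(labels[i:]) in KNOWN_BAD_HOSTS for i in range(len(labels) - 1))

def detect_malicious_traffic(requests):
    """Report non-browser traffic to known-bad hosts, once per (process, host) pair."""
    seen, detections = set(), []
    for req in requests:
        if req.process.lower() in BROWSER_PROCESSES:
            continue                          # browser traffic: web protection's job
        if not is_known_bad(req.host):
            continue
        key = (req.process.lower(), normalise_host(req.host))
        if key not in seen:                   # repeated beacons are reported once
            seen.add(key)
            detections.append({"process": req.process, "host": key[1], "path": req.path})
    return detections

# Constructed sample traffic: a benign update check, a browser request to a bad
# host (left to web protection), a document viewer beaconing twice, and a dropper.
SAMPLE_TRAFFIC = [
    HttpRequest("svchost.exe", "updates.example.com", "/v6/update"),
    HttpRequest("chrome.exe", "c2.example-bad.invalid", "/gate.php"),
    HttpRequest("winword.exe", "C2.Example-Bad.INVALID:8080", "/gate.php"),
    HttpRequest("winword.exe", "c2.example-bad.invalid", "/gate.php"),
    HttpRequest("dropper.exe", "files.update.example-bad.invalid", "/payload.bin"),
]

if __name__ == "__main__":
    for detection in detect_malicious_traffic(SAMPLE_TRAFFIC):
        print(detection)
```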
Is it available on both Windows and Mac?
Yes, it is available on both platforms.
How do I enable Malicious Traffic Detection?
The Malicious Traffic Detection feature is enabled by default. If it has been disabled, do the following to re-enable it:
- Log in to your Sophos Home dashboard.
- Click on your device.
- Go to the Protection tab > General tab.
- Look for Malicious Traffic Detection and make sure that it is toggled on.
Where do I see the logs of detected items?
All detections can be seen on the History tab of the device in the Sophos Home dashboard.