Sophos Proactive Monitoring Proactive Monitoring is a service that can be provided by Sophos to continuously monitor the system health and status of your appliance. If there is ever a need to do so, Sophos will contact you and advise you about what action may need to be taken to ensure the continued smooth functioning of your appliance.

File Integrity Monitoring lets you monitor files, folders, registry keys, or registry values for changes.

• Sophos is retiring this product on 20 July 2023. For product retirement details, see our retirement calendar. The steps on how to configure the following detection methods can be found on the Enterprise Console Help HTML online documentation. Go to Configuring policies then Behavior monitoring.
• Sophos Endpoint Detection and Response (EDR) lets you investigate detected threats (“threat cases”) and search for new threats. It also lets you monitor devices and fix issues remotely. Managed Threat Response. Managed Threat Response (MTR) is a service that warns you.

This monitoring helps you comply with security requirements like PCI DSS.

To set up a policy, do as follows:

1. Go to Server Protection > Policies.
2. Create a File Integrity Monitoring policy or edit the Base Policy.
3. Open the policy's Settings tab.
4. Select Use File Integrity Monitoring.

By default, we monitor critical Windows system files. You can set up custom monitoring if you want to monitor other locations.

Custom monitoring

To monitor a location, do as follows.

1. Go to Custom monitoring.
2. Click Add location.
3. In Add location, select the item Type.
   Note If you select Folder, we monitor the folder and the files in it by default. To monitor only the files in the folder, deselect Monitor changes to the folder as well as the files.
   Note If you select Registry Key, we monitor the key but not the values in it. You must use the location type Registry Value to monitor values.

   You can use variables.

4. Click Add or Add Another.

To edit a location already in the list, click its path and update the details.

To delete a location from the list, click the cross on the right.

Monitoring exclusions

To exclude a location from monitoring, do as follows.

Sophos Web Page Monitoring

1. Go to Monitoring exclusions.
2. Click Add exclusion.
3. In Add exclusion, select the item Type.
   Note If you select Folder, you exclude the folder and the files in it.
   Note If you select Registry Key, you exclude the key and the registry values within it.

   You can use variables.

4. Click Add or Add Another.

To edit a location already in the list, click its path and update the details.

To delete a location from the list, click the cross on the right.

Sophos Employee Monitoring

Proactive Monitoring is a service that can be provided by Sophos to continuously monitor the system health and status of your appliance. If there is ever a need to do so, Sophos will contact you and advise you about what action may need to be taken to ensure the continued smooth functioning of your appliance.

Sophos Network Monitoring

If your Email Appliance indicates that Sophos Proactive Monitoring is disabled, then you are not subscribed to this service. To subscribe to the Sophos Proactive Monitoring service, contact your Sophos representative.