
Possible improvements from my point of view

Hi,

We use the Sophos Dataprotection Suite (just did the upgrade today from 5.0 -> 5.1 :)) in a large-scale deployment (roughly 6000 clients). As the person in charge of the Sophos administration I came across some concerns:

I would like to have in the Enterprise Console

1. Exclusions/Inclusions in the policy settings, like "include this and exclude everything else" beside "exclude this, include everything else",

2. per computer/per user policies,

3. more detailed view per computer especially which policy settings are deployed (keyword "differs from policy"),

4. per schedule settings, especially exclusions/inclusions,

5. some sort of progress view when initiating a full scan from the EC,

Just forgot a concern with Data Control: it would be great if one could deny the download/creation of certain files with Data Control.

The order is not specific.

Well, that might be a challenge :).

Regards

Marcus



This thread was automatically locked due to age.
  • Hello Christian,

    I will explain my suggestions more fully in this post. At least one thing: because we have a large-scale installation of Sophos, we have to do as many Sophos jobs remotely as possible. It is not always possible to log on to the clients and see what's going on with the Sophos client.

    some sort of progress view when initiating a full scan from the EC:

    Just for the Full System Scan. It would be nice to see in the EC that it progresses. Right now I can just assume the System Scan is running.

    more detailed view per computer especially which policy settings are deployed (keyword "differs from policy")

    You just got me. What you have written is exactly what I want. At least it would help to see the differences in the client GUI. We have clients with "differs from policy" but I don't see what is different when checking the client locally. But I must admit that I did not check any log files on the client side.

    per schedule settings, especially exclusions/inclusions

    OK. I should have provided an example:

    I have set up Sophos on our File Service Cluster node and wanted to schedule two scans. One scan should only be for the system drive C:. The other scan should only be for the SAN volumes. The scan for the system drive should include the rootkit scan and the SAN scan should not.

    Unfortunately, the exclusions apply to all schedules.

    "include this and exclude everything else"

    Again, an example would be useful :). We had one case where one department requested the scanning of one directory on a cluster volume, and all other directories should be excluded. I managed to implement the policy by using the common way. But hey, it was quite an amount of directories to exclude :). Oh yes, I am talking about on-access scanning.

    per computer/per user policies

    A per user policy is nice to have but not necessary. A per computer policy would be better. Just to explain why it would be best for our needs.

    We have set up an AD and synchronize the OUs with our Sophos installation. Every department has its own OU with their computers in it; well, the user OUs and the computer OUs are separate. Because we deploy group policies for particular computer OUs, it is almost not possible to move computers to a "Sophos OU" to deploy a different policy than other computers in this department OU. By writing these words it comes to my mind that maybe we should break with the synchronisation between AD and Sophos... But we use this to automatically deploy the Sophos client on new machines.

    download/creation of certain files

    I have to discuss this with our network team. What I have in mind is a policy of the kind "block the downloading of keygen.exe", for example.

    Your suggestions are also very good! Would like to see them realized.

    Regards
    Marcus

    PS: Had to look up what "TANSTAAFL" meant. Wikipedia is your friend :)
