Scheduled Scan does Not Work

Seems that this issue has been ongoing. I am currently moving all our PCs onto Sophos Intercept X Advanced and noticing the scheduled scan is terrible, to say the least. Why is the scheduled scan not resuming if the schedule is missed? It is not even set up this way in the Task Scheduler, nor can it be altered. One of the reasons for moving to this system was being able to track system status, but it seems I have to do a lot of manual scanning for these systems to be updated. In my opinion this is not good.

What is the deal with this software? Is it just all hype and not really that effective for maintaining a schedule and keeping up to date?



This thread was automatically locked due to age.
  • I guess my first question is why do you feel you need to run scheduled scans on endpoints and all this "manual" scanning? Is it just because you have moved to Sophos and are just curious to see if anything is lurking? So this is a one-time event?

    I suppose on a file server you may want to run a scan initially and scan inside archives potentially. Then maybe once a week thereafter on, say, a Saturday. Servers are less of an issue as they are always on, so unlikely to miss a scan.

    It might be worth mentioning that SSPService performs a trickle background scan regardless of scheduled scans.

    You mention keeping "up to date" at the end. Is that up to date in terms of scheduled scans or actual updates?

  • Yes, these are new installs so I want to make sure they are clean. Already had some detections, but regardless, if a product has a feature such as scheduled scan which is set for once a week, and if you have your systems showing they haven't been scanned in almost 2 weeks, well, that is an issue. Yes, up to date in my mind is everything is in a healthy state, vague but overall I'm referring. Thanks

  • I suppose it's worth mentioning that the scheduled scan as it is today, is part of the older Sophos Anti-Virus (SAV) component, which comprises SAVService.exe and the service that carries out the scanning. 

    The current scheduled scan schedules:
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe" and the argument is a scan id in the config file which is based on the policy.

    For example, you could create a task to run:
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe" {F86EBCD5-687E-40B1-800D-021062361F6C}
    This is the GUID of "Scan my computer" as found in machine.xml. You could set this up with all the parameters you like. This would then be untouched if you were to disable the scheduled scan from policy.

    The SAV component is going to be removed from the endpoint in the not too distant future, I understand, and the scheduled scans will be part of the Core Agent component. I suspect that the SSPService will start the scan based on the policy at that point. So I suspect the reliance on the task manager will go. The removal of SAV will remove 3 drivers and 6 user mode services, which is something I'll be pleased to see.
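
The custom task suggested in the reply above, sketched as an added example that is not part of the original thread or Sophos's own tooling: it registers a weekly task that runs as soon as possible after a missed start, which is the behaviour the original question asks for. The task name, day, time, time limit and the choice to run as SYSTEM are assumptions; the scan GUID is the one quoted in the reply and should be confirmed against machine.xml on the endpoint.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$exe      = 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe'
$scanId   = '{F86EBCD5-687E-40B1-800D-021062361F6C}'  # GUID quoted in the reply; confirm in machine.xml
$taskName = 'Weekly Sophos scan (custom)'             # hypothetical task name

# Fail early if the SAV component (and with it the scan client) is not installed.
if (-not (Test-Path -LiteralPath $exe)) {
    throw "BackgroundScanClient.exe not found at $exe"
}

# The scan id is passed as the only argument, as described in the reply.
$action  = New-ScheduledTaskAction -Execute $exe -Argument $scanId

# Assumed schedule: Saturdays at 01:00 local time.
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Saturday -At '01:00'

# -StartWhenAvailable makes Task Scheduler run the task as soon as possible
# after a missed start (machine powered off or asleep at the scheduled time).
$settings = New-ScheduledTaskSettingsSet `
    -StartWhenAvailable `
    -AllowStartIfOnBatteries `
    -DontStopIfGoingOnBatteries `
    -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Hours 8)

# Assumption: the scan client can be launched under the SYSTEM account.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -Principal $principal | Out-Null

# Confirm the catch-up setting is stored, then show run history for the task.
(Get-ScheduledTask -TaskName $taskName).Settings.StartWhenAvailable
Get-ScheduledTaskInfo -TaskName $taskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime, NumberOfMissedRuns
```

Because the task is registered outside the Sophos policy, it stays in place when the policy's scheduled scan is disabled, as the reply notes, and it will need removing by hand once the SAV component is retired.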
