This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Daily Scan NAS Share with Intercept X Advanced

We use Sophos Intercept X Advanced for servers.

Is it possible to create a job to scan a NAS share when Sophos is installed on a Windows server?

The sav32cli.exe existed in an earlier version, but i could not find it in new installations.


This thread was automatically locked due to age.
  • Hello There, 

    Thank you for reaching us, Allo us to have a quick check on this and get back to you. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • The command:

    C:\Program Files\Sophos\Endpoint Defense\SophosInterceptXCLI.exe scan \\fs\server --verbose --noui --expand_archives

    might do what you want.

    C:\ProgramData\Sophos\Sophos UI\Logs\SophosScanCoordinator.log is the log but it writes to stdout with noui as per the output of:

    SophosInterceptXCLI.exe scan help

    Note: you will get emails for detections for this scan providing they are enabled.  It will also create events locally in the UI as per normal detections. Also in the Application Event log. Source "Sophos System Protection".

    E.g.
    C:\Program Files\Sophos\Endpoint Defense>SophosInterceptXCLI.exe scan \\fs1\web --verbose --noui --expand_archives

    \\fs1\web\exploit.docx (1%)
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    ...
    \\fs1\web\test\payload.html (16%)
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')
    \\fs1\web\old\web_images\bg.png (17%)
    ...
    \\fs1\web\public_html\s\uploaded_files\0.jpg (100%)

    Detections:
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')

    Scan summary:
    Detections: 2
    Clean files: 132
    Unscanned files: 0
    Inaccessible files: 0

    Regards,

  • Thanks for your answer.

    Unfortunately, SophosInterceptXCLI.exe is not available in my installation.

  • You might need 2022.1. You could ask support to move you on to it. Thanks.

  • You might be able to get it by adding one computer to the EAP as a test. It just depends on if your account has been migrated. Maybe worth a try.

  • Our installed Version is 2021.3.1.11 and it shows that it is up to date.

    I'll contact the Sophos Support. 

    Thanks for your Help!