This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Daily Scan NAS Share with Intercept X Advanced

We use Sophos Intercept X Advanced for servers.

Is it possible to create a job to scan a NAS share when Sophos is installed on a Windows server?

The sav32cli.exe existed in an earlier version, but i could not find it in new installations.


This thread was automatically locked due to age.
Parents
  • The command:

    C:\Program Files\Sophos\Endpoint Defense\SophosInterceptXCLI.exe scan \\fs\server --verbose --noui --expand_archives

    might do what you want.

    C:\ProgramData\Sophos\Sophos UI\Logs\SophosScanCoordinator.log is the log but it writes to stdout with noui as per the output of:

    SophosInterceptXCLI.exe scan help

    Note: you will get emails for detections for this scan providing they are enabled.  It will also create events locally in the UI as per normal detections. Also in the Application Event log. Source "Sophos System Protection".

    E.g.
    C:\Program Files\Sophos\Endpoint Defense>SophosInterceptXCLI.exe scan \\fs1\web --verbose --noui --expand_archives

    \\fs1\web\exploit.docx (1%)
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    ...
    \\fs1\web\test\payload.html (16%)
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')
    \\fs1\web\old\web_images\bg.png (17%)
    ...
    \\fs1\web\public_html\s\uploaded_files\0.jpg (100%)

    Detections:
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')

    Scan summary:
    Detections: 2
    Clean files: 132
    Unscanned files: 0
    Inaccessible files: 0

    Regards,

Reply
  • The command:

    C:\Program Files\Sophos\Endpoint Defense\SophosInterceptXCLI.exe scan \\fs\server --verbose --noui --expand_archives

    might do what you want.

    C:\ProgramData\Sophos\Sophos UI\Logs\SophosScanCoordinator.log is the log but it writes to stdout with noui as per the output of:

    SophosInterceptXCLI.exe scan help

    Note: you will get emails for detections for this scan providing they are enabled.  It will also create events locally in the UI as per normal detections. Also in the Application Event log. Source "Sophos System Protection".

    E.g.
    C:\Program Files\Sophos\Endpoint Defense>SophosInterceptXCLI.exe scan \\fs1\web --verbose --noui --expand_archives

    \\fs1\web\exploit.docx (1%)
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    ...
    \\fs1\web\test\payload.html (16%)
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')
    \\fs1\web\old\web_images\bg.png (17%)
    ...
    \\fs1\web\public_html\s\uploaded_files\0.jpg (100%)

    Detections:
    \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')
    \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')

    Scan summary:
    Detections: 2
    Clean files: 132
    Unscanned files: 0
    Inaccessible files: 0

    Regards,

Children