We use Sophos Intercept X Advanced for servers.
Is it possible to create a job to scan a NAS share when Sophos is installed on a Windows server?
The sav32cli.exe existed in an earlier version, but i could not find it in new installations.
C:\Program Files\Sophos\Endpoint Defense\SophosInterceptXCLI.exe scan \\fs\server --verbose --noui --expand_archives
might do what you want.
C:\ProgramData\Sophos\Sophos UI\Logs\SophosScanCoordinator.log is the log but it writes to stdout with noui as per the output of:
SophosInterceptXCLI.exe scan help
Note: you will get emails for detections for this scan providing they are enabled. It will also create events locally in the UI as per normal detections. Also in the Application Event log. Source "Sophos System Protection".
E.g.C:\Program Files\Sophos\Endpoint Defense>SophosInterceptXCLI.exe scan \\fs1\web --verbose --noui --expand_archives
\\fs1\web\exploit.docx (1%) \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware')...\\fs1\web\test\payload.html (16%) \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')\\fs1\web\old\web_images\bg.png (17%)...\\fs1\web\public_html\s\uploaded_files\0.jpg (100%)
Detections: \\fs1\web\exploit.docx (Detected as 'Mal/DocDl-C' type: 'Malware') \\fs1\web\test\payload.html (Detected as 'Troj/DocDl-AGDX' type: 'Malware')
Scan summary: Detections: 2 Clean files: 132 Unscanned files: 0 Inaccessible files: 0
Thanks for your answer.
Unfortunately, SophosInterceptXCLI.exe is not available in my installation.
You might need 2022.1. You could ask support to move you on to it. Thanks.
You might be able to get it by adding one computer to the EAP as a test. It just depends on if your account has been migrated. Maybe worth a try.
Our installed Version is 2021.3.1.11 and it shows that it is up to date.
I'll contact the Sophos Support.
Thanks for your Help!