Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 2327 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Difference between Sophosfilescanner.exe and SophosFS.exe process

Sujit Jha1

I wanted to understand the Difference between Sophosfilescanner.exe and SophosFS.exe process, are they same in functionality ?

Is SophosFileScanner.exe have the role of SAVservice.exe which has been removed recently after Core agent update 2.20.11 ?

Please guide.

Regards,
Sujit Jha



This thread was automatically locked due to age.
Parents
  • +1

    SophosFS.exe is the Windows service:

    which spawns the host and worker Sophosfilescanner.exe processes.  The worker loads the data and performs the scanning.  

    The command line of the worker:

    "C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe"

    --worker
    --engine-path "C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\16530583345316758"
    --data-path "C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16566165822853136"
    --pipe-name pid=14000:133010903447290325
    --log-file "C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log"
    --log-level 0
    --amsi-thread-count 1
    --amsi-queue-size 512
    --ml-scan-path "C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16525662898487325"
    --ml-telemetry-path "C:\Program Files\Sophos\Sophos ML Engine\ML1\telemetry\16547847322036918"
    --scan-dispatcher-config-path "C:\ProgramData\Sophos\Sophos File Scanner\Drop\scan_dispatcher_config_16565699311143992.json"

    So you can see references to the engine and data which is the "SSE64" component:
    C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16566165822853136

    and references to the ML engine data provided by the "sme64" component
    "C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16525662898487325"

    SAVService.exe did used to load the virus data and engine, now the worker process loads the data and engine and ML model.

Reply
  • +1

    SophosFS.exe is the Windows service:

    which spawns the host and worker Sophosfilescanner.exe processes.  The worker loads the data and performs the scanning.  

    The command line of the worker:

    "C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe"

    --worker
    --engine-path "C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\16530583345316758"
    --data-path "C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16566165822853136"
    --pipe-name pid=14000:133010903447290325
    --log-file "C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log"
    --log-level 0
    --amsi-thread-count 1
    --amsi-queue-size 512
    --ml-scan-path "C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16525662898487325"
    --ml-telemetry-path "C:\Program Files\Sophos\Sophos ML Engine\ML1\telemetry\16547847322036918"
    --scan-dispatcher-config-path "C:\ProgramData\Sophos\Sophos File Scanner\Drop\scan_dispatcher_config_16565699311143992.json"

    So you can see references to the engine and data which is the "SSE64" component:
    C:\Program Files\Sophos\Sophos Standalone Engine\engine1\data\16566165822853136

    and references to the ML engine data provided by the "sme64" component
    "C:\Program Files\Sophos\Sophos ML Engine\ML1\scan\16525662898487325"

    SAVService.exe did used to load the virus data and engine, now the worker process loads the data and engine and ML model.

Children
No Data
Unfiltered HTML