This discussion has been locked.

First steps with "Sophos Protection for Linux"

Hello everybody,

for testing purposes I've installed Sophos Protection for Linux on two machines (until now we are just using the agent for Windows). For starters I've read the pages under https://docs.sophos.com/central/customer/help/en-us/PeopleAndDevices/ProtectDevices/ServerProtection/SophosProtectionLinux/index.html

Although the component seems to be installed fine, the agent seems to be nonfunctional.

After downloading the EICAR test nothing happens (I expected to be shown that a virus was automatically found). And does "Server Protection" mean complete antivirus protection? The Windows machines show "Intercept X Advanced for Server with XDR" there...

Some tips or a comprehensive user manual would be very much appreciated. Thanks in advance!

Andreas



This thread was automatically locked due to age.
  • Hi Andreas,

    Thanks for reaching out to the Sophos Community Forum. 

    Try running the following command to verify running processes.
    systemctl status sophos-spl

    The on-access scanning process will look like:
               ├─ 1116 /opt/sophos-spl/plugins/av/sbin/soapd    

    You can also find some additional steps in the thread below.
    - Sophos SPL Troubleshooting

    Kushal Lakhan
    Team Lead, Global Community Support
  • Thank you for your help!

    The process is running and a log file is present. But your link to the SPL Troubleshooting helped. I missed the activated option "Apply scan to Server Protection for Linux Agent". After changing it the test virus was automatically recognized and removed.

    What's just left bothering me now:

    In the column "Protection" my server is shown with "Server protection", in the mentioned "SPL Troubleshooting" thread the server there is shown with "Intercept X Advanced for Server with XDR and MDR". Why is that? In my server details "XDR" is shown as installed but "Managed Detection and Response" is missing?
