SOPHOS and Hanwha camera servers with Windows OS.

I am the admin for quite a number of Hanwha camera servers.  Several in particular are in a school system.  Once our servers were installed, unknown to us, they deployed SOPHOS on the servers.  Now we are seeing numerous crashes, lockups, packet losses and HDD storage issues.  The District is bent on keeping the software and won't create exceptions to help alleviate these issues as prescribed by Hanwha engineering.  In order to maintain decorum I need to come up with a plan that will satisfy both parties.  This may involve having to utilize a different approach or different software.  Any help with this would be most welcome!

Thanks so much! 



Added Tags
[edited by: GlennSen at 5:58 AM (GMT -8) on 30 Jan 2024]
Parents
  • Hi Sid,

    Thanks for reaching out to the Sophos Community Forum. 

    May I ask what types of exclusions were suggested? Would these be IP address exclusions, file/folder or process exclusions?

    It may also help to inquire with the engineering team about the types of operations the excluded items will perform on the server, or highlight any additional measures in place to harden the application(s) from potential compromise or misuse. 

    For a more thorough look into what impact Sophos is having on the problematic processes, it may also help to perform some component isolation to determine which scanning features impact your application the most. Our team can also assist in checking logs to verify if Sophos is simply performing the scanning it’s designed to do or if conflicts may be present. A support case would be best for this type of investigation, though you're welcome to follow up on your post here as well.

    Lastly, I'd suggest creating a new threat protection policy with the changes suggested by engineering implemented. Performing some A/B testing between the two policies may help demonstrate the issue and resolution to the concerned teams.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi Sid,

    Thanks for reaching out to the Sophos Community Forum. 

    May I ask what types of exclusions were suggested? Would these be IP address exclusions, file/folder or process exclusions?

    It may also help to inquire with the engineering team about the types of operations the excluded items will perform on the server, or highlight any additional measures in place to harden the application(s) from potential compromise or misuse. 

    For a more thorough look into what impact Sophos is having on the problematic processes, it may also help to perform some component isolation to determine which scanning features impact your application the most. Our team can also assist in checking logs to verify if Sophos is simply performing the scanning it’s designed to do or if conflicts may be present. A support case would be best for this type of investigation, though you're welcome to follow up on your post here as well.

    Lastly, I'd suggest creating a new threat protection policy with the changes suggested by engineering implemented. Performing some A/B testing between the two policies may help demonstrate the issue and resolution to the concerned teams.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data