This article describes the functional differences between Heartbeat on SAV for Linux and Heartbeat on SAV for Windows.
Applies to the following Sophos product(s) and version(s)
SAV Linux 10.2.0 +
All supported Linux distributions (see KBA 119802)
Heartbeat on Windows depends on the MTD packet tracer to do C3 process lookup, and Windows Heartbeat and MTD are being combined to make sure this is efficient.
SAV Linux uses two separate packet sniffers: a discriminating one in MTD that looks only for outgoing HTTP connections over TCP and drops anything else as soon as it can, and Heartbeat's own TCP/UDP packet capture, optimised for capture efficiency, which grabs all TCP and UDP packets. Therefore SAV for Linux Heartbeat does not require MTD.
As SAV for Linux does not use HIPS, this is not necessary.
This is a Windows-specific feature that refers to Microsoft's DNS server for Windows, a specific component with a known location supplied by the (single) OS vendor, which would not be the case in Linux environments.
For SAV for Linux there is no Quarantine Manager, so threats are remembered by the adapter in memory; they are cleared on reboot, and the Health Status returns to green on reboot.
b. For Heartbeat on SAV Windows, a threat that is cleaned up only triggers orange Health status (failure to clean up = red). SAV Linux has no cleanup, so red status is the only one used.
There is an additional process, heartbeartd, controlled by savd. It runs as root.
The log file Heartbeat.log is found in /opt/sophos-av/log/heartbeat.
As well as connectivity and configuration messages, this contains heartbeat status messages such as:
Current status is -> health: Good (1) service: Good(1) threat: Good(1)
Current status is -> health: Bad (3) service: Good(1) threat: Bad(3)
Current status is -> health: Bad (3) service: Bad(3) threat: Good(1)
as per the following:
The information reported to the firewall is in three areas: Health, Service, and Threat.
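The status lines quoted above can be tracked over time to see when Health, Service or Threat changed. The following is an added example, not Sophos code: it parses that line format (with or without a space before the numeric code) and reports each change. The timestamp prefix and the non-status line in the sample are constructed assumptions.

```python
import re

# Constructed sample: the article's three status lines behind a made-up timestamp
# prefix (the real line prefix is an assumption), plus one made-up non-status line.
SAMPLE_LOG = """\
2017-01-10 09:00:01 Current status is -> health: Good (1) service: Good(1) threat: Good(1)
2017-01-10 09:05:12 Current status is -> health: Bad (3) service: Good(1) threat: Bad(3)
2017-01-10 09:20:40 Connected to firewall
2017-01-10 09:31:07 Current status is -> health: Bad (3) service: Bad(3) threat: Good(1)
"""

# \s* before "(" accepts both "Good (1)" and "Good(1)", as both appear in the article.
STATUS_RE = re.compile(
    r"Current status is -> "
    r"health:\s*(\w+)\s*\((\d+)\)\s*"
    r"service:\s*(\w+)\s*\((\d+)\)\s*"
    r"threat:\s*(\w+)\s*\((\d+)\)"
)
AREAS = ("health", "service", "threat")

def parse_status(line):
    """Return {area: (label, code)} for a status line, or None for any other line."""
    m = STATUS_RE.search(line)
    if m is None:
        return None
    g = m.groups()
    return {area: (g[2 * i], int(g[2 * i + 1])) for i, area in enumerate(AREAS)}

def status_changes(lines):
    """Return (line_no, area, old_label, new_label) for each area that changed
    between consecutive status lines; non-status lines are skipped."""
    changes, previous = [], None
    for line_no, line in enumerate(lines, start=1):
        current = parse_status(line)
        if current is None:
            continue
        for area in AREAS:
            if previous is not None and current[area] != previous[area]:
                changes.append((line_no, area, previous[area][0], current[area][0]))
        previous = current
    return changes

if __name__ == "__main__":
    for line_no, area, old, new in status_changes(SAMPLE_LOG.splitlines()):
        # Threat state is held in memory and cleared on reboot (see above), so a
        # threat change back to Good may follow a reboot and deserves review.
        flag = "  <- review: reboot?" if area == "threat" and new == "Good" else ""
        print(f"line {line_no}: {area} {old} -> {new}{flag}")
```

Because SAV for Linux has no cleanup and clears remembered threats on reboot, a threat change from Bad to Good in this output is a prompt to check for a restart rather than evidence of remediation.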