This article outlines the required permissions of the services account and the user performing the installation.
Applies to the following Sophos product(s) and version(s) Sophos for Microsoft SharePoint
When installing Sophos for Microsoft SharePoint, you need to be logged on with local administrator rights. If you are in a domain, you must also be a domain user.
Note: By default the installer will create or attempt to use a local SOPHOS SQL instance for the Sophos for Microsoft SharePoint databases, if you want to use a different SQL instance then you need to be a member of the SQL Sysadmin role on this database server.
During the install you need to specify a services account for the Sophos for Microsoft SharePoint services. It is advised that the Farm account is not used because according to Microsoft guidance accounts used by application pools should not be in the Local Administrators group. The services account has the below requirements based on its scanning/cleaning functionality:
PS C:\Add-SPShellAdmin DOMAIN\Account
Note: The above permissions are required by the Microsoft SharePoint Virus Scanning API (VSAPI) interface, which is used by Sophos for Microsoft SharePoint for on-access anti-virus scanning
The services account needs permissions to scan and clean items, as required by the permissions model in use.
Note: For a default SharePoint installation, Site Collection Administrator rights over the required sites are usually required, including the SharePoint Central Administration web site if you need to scan this site.
Related information / See also
Sophos for Microsoft SharePoint startup guide Version 2 Sophos for Microsoft SharePoint startup guide Version 3
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.