
Removable Media Scanning on insertion?

Hello,

I've looked through the forums and only really see the same two posts about this from 5 years ago.

Has this functionality been added to Sophos? I'm not finding it in the Management Console and am hoping that there is a way to do this now.

I look forward to your reply,

Thanks
Ryan



  • Hello Ryan,

    What risks are you thinking about? The automatic scan isn't more sensitive than On-Access scanning, thus I don't see any advantage, i.e. additional protection, for everyday use.

    Christian

  • Hello Christian,

    Mainly the inherent risks that are associated with USBs. If we were able to have on-insertion capabilities to be able to scan for autorun.infs and other potential threats and allow the USBs to be read-only, then it could potentially be a viable option. As that doesn't seem to be the case (minus the read-only), we're better off continuing to block the capability altogether.

  • Hello Ryan,

    autorun.inf is (as the other files potentially called by it) opened by standard means and thus subject to an on-access scan (apart from that autorun should be disabled anyway). As said, an automatic scan wouldn't be able to detect more than on-access. And consider the case that the threat couldn't be cleaned - unless the device is blocked until the scan finishes (this might be a serious impact on usability, there are already TByte devices) and is subsequently disabled the endpoint wouldn't be protected without on-access scanning being active. And, BTW, there's an automatic boot sector scan upon insertion to alert you of harmful bootable devices. Furthermore, that a device is R/W doesn't pose a threat (this is a consideration in conjunction with data leakage).

    IMO the desire for such an automatic scan is a relic of ancient times, the age of floppy discs, INT13h, and someone or some company who said isn't it cool that it runs on its own and all you have to do is slot it in?

    Christian
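
An added illustration of the point made in the thread that autorun.inf and the files it calls are ordinary files opened by standard means (this is not code from the thread or from Sophos): a tolerant Python parser that lists the commands an autorun.inf would launch and the files they reference, so those files can be reviewed. The function names and the sample file are constructed for this example.

```python
import re

# Keys in the [autorun] section that name a program or command to launch.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def autorun_targets(text):
    """Return (key, command) pairs that an autorun.inf would launch.

    Tolerant of junk lines, comments and mixed case, because the file
    comes from an untrusted device and need not be well-formed.
    """
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            targets.append((key, value))
    return targets

def referenced_files(targets):
    """First token of each command: the file on the device to review."""
    files = []
    for _, cmd in targets:
        m = re.match(r'"([^"]+)"|(\S+)', cmd)
        name = m.group(1) or m.group(2)
        if name not in files:
            files.append(name)
    return files

# Constructed sample, not taken from a real device.
SAMPLE = """\
; padding
[AutoRun]
Open=setup.exe /s
icon=setup.exe,0
shell\\explore\\command="tools\\viewer.exe" %1
label=Backup
[Content]
MusicFiles=true
"""
```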