This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Removable Media Scanning on insertion?

Hello,

I've looked though the forums and only really see the same two posts about this from 5 years ago.

Has this functionality been added to Sophos? I'm not finding it in the Management Console and am hoping that there is a way to do this now.

I look forward to your reply,

Thanks
Ryan

This thread was automatically locked due to age.

Parents

+1 Gowtham Mani over 6 years ago

Hi Ryan Bell,

The auto scan feature for removable media is not available as of now. As explained by QC the real-time scan would be in place to protect you again the active threats in the drive. Also in the production environment if the scan commences everytime someone connects an external drive would delay the use of the drive(The more data it contains, the longer it would take to complete the scan).

However, you can vote to the feature request External device Auto Scan.

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 stixxz over 6 years ago in reply to Gowtham Mani

Hello,

Thank you both for your replies. They have helped determine that we will use an alternative strategy to mitigate risk.

Much appreciated

Ryan
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to stixxz

Hello Ryan,

what risks are you thinking about? The automatic scan isn't more sensitive than On-Access scanning thus I don't see any advantage, i.e. additional protection, for everyday use.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago in reply to stixxz

Hello Ryan,

what risks are you thinking about? The automatic scan isn't more sensitive than On-Access scanning thus I don't see any advantage, i.e. additional protection, for everyday use.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 stixxz over 6 years ago in reply to QC

Hello Christian,

Mainly the inherit risks that are associated with USB's. If we were able to have on insertion capabilities to be able to scan for autorun.infs and other potential threats and allow the USBs to be read only, then it could potentially be a viable option. As that doesn't seem the case, ( minus the read only ), we're better off continuing to block the capability all together.
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to stixxz

Hello Ryan,

autorun.inf is (as the other files potentially called by it) opened by standard means and thus subject to an on-access scan (apart from that autorun should be disabled anyway). As said, an automatic scan wouldn't be able to detect more than on-access. And consider the case that the threat couldn't be cleaned - unless the device is blocked until the scan finishes (this might be a serious impact on usability, there are already TByte devices) and is subsequently disabled the endpoint wouldn't be protected without on-access scanning being active. And, BTW, there's an automatic boot sector scan upon insertion to alert you of harmful bootable devices. Furthermore, that a device is R/W doesn't pose a threat (this is a consideration in conjunction with data leakage).

IMO the desire for such an automatic scan is a relic of ancient times, the age of floppy discs, INT13h, and someone or somecompany who said isn't it cool that it runs on its own and all you have to do is slot it in?

Christian
Cancel
Vote Up 0 Vote Down

Cancel