Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 5832 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SEP Can perform scanning when the computer starts up?

Jacky Tu

Dear All

Is there any way to perform a scan when the computer is turned on? 

I tried SAV32CLI but it took too long to scan.  so is there any other way to do it?



This thread was automatically locked due to age.
Parents
  • 0

    Hello Jacky Tu,

    any way to perform a scan when the computer is turned on
    automatically I assume. No.
    Why do you want to do this? Why do you think it is needed or what could be the benefit?

    Christian

  • 0 in reply to QC

    Dear QC

     I found a solution BackgroundScanClient.exe can complete my needs.

     My manager wants to automate scanning

  • 0 in reply to Jacky Tu

    Hello Jacky Tu,

    yes, that's an undocumented but workable "hack".

    My manager wants
    of course, this is what managers are supposed to do and subordinates are supposed to fulfill management's requests.
    Excuse the sarcasm. Typically the (perceived) degraded startup performance is cause for concern and the wish is that AV should rather not "interfere" - neither with scanning nor updating. The benefit of such a startup scan is IMO questionable. Assuming the recommended settings have been in effect on the endpoint - where should a new threat come from? Your manager probably doesn't want that the computer remains locked until after the scan has completed. Thus it is essential that On-Access/Real-Time scanning is enabled. But then the startup scan is redundant.

    Christian

Reply
  • 0 in reply to Jacky Tu

    Hello Jacky Tu,

    yes, that's an undocumented but workable "hack".

    My manager wants
    of course, this is what managers are supposed to do and subordinates are supposed to fulfill management's requests.
    Excuse the sarcasm. Typically the (perceived) degraded startup performance is cause for concern and the wish is that AV should rather not "interfere" - neither with scanning nor updating. The benefit of such a startup scan is IMO questionable. Assuming the recommended settings have been in effect on the endpoint - where should a new threat come from? Your manager probably doesn't want that the computer remains locked until after the scan has completed. Thus it is essential that On-Access/Real-Time scanning is enabled. But then the startup scan is redundant.

    Christian

Children
  • 0 in reply to QC

    Many thanks you suggest ,this forum has benefited me a lot.

  • 0 in reply to Jacky Tu

    The other thing to consider is if the computer has been off, chances are an update is required, maybe just a new ide file.

    So the computer starts, the Sophos AutoUpdate Service starts and by default after 5 mins, the first update check is performed before continuing on the defined schedule.  An identity is installed, this invalidates the previous on-access cache.  So if you are going to kick off a scan at startup I would start it after the first update so a) you're scanning with the latest data and b) the update doesn't terminate the scan.

    The registry key:

    32-bit:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate]
    "StartupDelay"=dword:0000000a

    64-bit

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Sophos\AutoUpdate]
    "StartupDelay"=dword:0000000a

    can be set if needed to control the behaviour. In the above example the AutoUpdate service would wait 10 seconds after starting before calling an update check.


    Regards,

    Jak

Unfiltered HTML