Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 2253 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

realtime protection policy

daren white

my threat protection is set to scan local and remote. If my servers also have Sophos om do I need the rmote part on? My network is very slow since installing Sophos and I wonder if the network sgares are being scanned by rge endpoints and the server itself



This thread was automatically locked due to age.
Parents
  • 0

    Hello daren white,

    My network is very slow since installing Sophos
    generally the scanning overhead is negligible. There is of course additional traffic when scanning remote files but scanning doesn't double it. And anyway, unless you've requested otherwise in your policy (scan all files) only files considered executable or with executable content and those without extension are scanned. Of course the files are scanned on both the server and the clients but as scanning results are cached the server wouldn't repeatedly scan the same file requested by different clients.

    do I need the remote part on?
    if all computers in your network are protected (no BYOD) and guaranteed up to date and you don't exclude certain local files/folders on some devices then perhaps not. As said, normally you shouldn't have a significant performance degradation. It's better to try to determine the underlying reason for the slowness.

    Christian   

Reply
  • 0

    Hello daren white,

    My network is very slow since installing Sophos
    generally the scanning overhead is negligible. There is of course additional traffic when scanning remote files but scanning doesn't double it. And anyway, unless you've requested otherwise in your policy (scan all files) only files considered executable or with executable content and those without extension are scanned. Of course the files are scanned on both the server and the clients but as scanning results are cached the server wouldn't repeatedly scan the same file requested by different clients.

    do I need the remote part on?
    if all computers in your network are protected (no BYOD) and guaranteed up to date and you don't exclude certain local files/folders on some devices then perhaps not. As said, normally you shouldn't have a significant performance degradation. It's better to try to determine the underlying reason for the slowness.

    Christian   

Children
  • 0 in reply to QC

    Ok thanks for that. Is there any way to turn off the application and DLP policies? I really do not need them. Also is there any way to add a bespoke application so that intercept does not scan it. There are options for word, outlook etc but I would like to stop this process from being scanned. I have the network path \\sql\partner in the list of global exclusions but should I use the ip address as well?

     

    Sorry but I do find my pcs go really slow after an update. Is there a way to stop a scan after an update?

  • 0 in reply to daren white

    Hello daren white,

    short post but complex questions. Sorry, no time for a longer reply today.

    Are you talking about Central including Intercept X? Management options differ from the on-premise SESC. Also can you clarify what stop this process from being scanned means (Microsoft has exclude this or that process in their AV exclusions recommendations but so far I have neither found some documentation nor some person - ever from MS - that can tell what exclude a process from scanning or scanning a process is in this context).

    Christian

Unfiltered HTML