Is there a way of automatically scanning removable media when attached to a PC? We had an outbreak of Conficker a few months back (don't want to go through that again!) and are still getting the odd memory stick attached by teachers that has Conficker on. I'd be a lot happier if all memory sticks/USB hard drives were fully scanned each time they were attached!
I am also trying to educate staff to ensure their home PCs are fully protected!
Edit - useful info: we're running Enterprise Console 4 and Endpoint Security 9.
The big trouble with USB keys is the malware that Sophos can't detect, because with the malware detected by Sophos the network can't be infected.
The option to scan or clean the USB can be managed by a "USB use policy"; however, I have some observations:
1) Only admin users can delete and clean malware from a USB if it is blocked by Sophos and sent to Quarantine.
To solve this issue we use "Right Click Scanning" with the option to clean and delete malware automatically.
2) In most cases, configuring "Right Click Scanning" needs help from IT staff. This could be solved if these options could be configured from Enterprise Console, like the "Antivirus and HIPS" policy.
3) If Sophos can detect and block USB devices, I think that Sophos can add a window message to help users scan USB keys when they are connected to the PC. In this manner, if the user has selected the option once, for example when connecting to the PC for the first time, he can cancel the process the second or subsequent times.
The Sophos message is "Simplicity", and the idea is to provide a "simple" option for users to scan their USBs or other media when they are connected to the PCs.
4) To combat unknown malware (mainly not detected by Sophos), a new Device Control option such as "Block the Executable Files" can help to protect the network without losing the functionality to copy/read/delete other documents from these media. In business, users generally use their USBs to transport documents (Word, Excel, PPT, TXT, etc.).
5) Sophos needs an option to automatically send suspect files to SophosLabs, because most malware is detected as Suspicious with HIPS activated. But, again, the process to remove or send these samples to SophosLabs is unusable for the users (non-IT users - 99% of users in a business).
Finally, I think that Sophos is searching for the best option to manage these cases (Non-Admin Quarantine Management, Non-Admin Malware Management, USB, etc.)
Linck Tello Flores