This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

local machines scanning network volumes. help please.

Hi,

I have recently upgraded to the latest version of Enterprise console and upgrading Sophos on the pc's and macs to the latest versions.

I have come across a setting which concerns me.

On version 7 within the mac prefs and in the On-Access Scanning tab what does the following setting actually mean??

"options"

"Scan: Files on network volumes"   "selecting this opetion can slow down access to network files."

Firstly what does this setting mean and how does it work?
Does it mean the Sophos will constantly be scanning the network?

is it a good idea to turn this off?

Keeping in mind our servers have thousands of files which are constantly being accessed and we work from our servers, pdf's, word, excel, quark, jpg's, tiff's,  psd's etc. etc.

when i turn the setting off within enpoint security the computer flags up a warning "differs from policy" however i can't find this setting within the policies.

How do i turn it off within the policy in enterprise console?

Some of our pcs are very very slow, if you turn off on access scanning they pc's are totally different machines and become very speedy, you mainly notice the hangs with anything network related, i am wondering if it is this network scanning setting which is causing the problem and where can i find it within Enterprise console?

I guess it is probably not the best idea to have it turned off but we are well covered with Sophos WS1000 and a ES4000 also endpoint security. I have also set scheduled scan every night and setup the machines to shutdown once the scan has complete. All our servers have on access scanning turned off but once again they are scheduled to scan every night and sitting comfortably behind Sophos es4000 and WS1000.

Thanks for you help.

:826


This thread was automatically locked due to age.
Parents
  • Hi,

    i can't find this setting within the policies - guess it's the checkbox on the bottom of the Windows/Macs Exclusions tab: Exclude remote files. Sophos obvioulsy doesn't recommend it - in the Windows client GUI it's all but hidden and it's not easy to find (if at all, I gave up) in the docs.

    While scanning does delay access to files it should not be a problem - our users work with files on the fileservers all the time and you can bet they would complain (and we scan on both read and write since Conficker). On-access both on server and client, even if it might seem paranoid. I can attest that if you turn on the non-recommended "scan inside archive files" things get nasty though.

    "Access" is not only a user actively opening a file. Explorer (in windows) and the "interested parties" which extract detailed information on a file if you roll the mouse over it also open the file (and cause it to be scanned if it's of the "dangerous" type).

    We usually don't run scheduled scans on the clients and only from time to time on the servers (daily backup together with on-access scanning seems sufficient) .

    Christian

    :827
Reply
  • Hi,

    i can't find this setting within the policies - guess it's the checkbox on the bottom of the Windows/Macs Exclusions tab: Exclude remote files. Sophos obvioulsy doesn't recommend it - in the Windows client GUI it's all but hidden and it's not easy to find (if at all, I gave up) in the docs.

    While scanning does delay access to files it should not be a problem - our users work with files on the fileservers all the time and you can bet they would complain (and we scan on both read and write since Conficker). On-access both on server and client, even if it might seem paranoid. I can attest that if you turn on the non-recommended "scan inside archive files" things get nasty though.

    "Access" is not only a user actively opening a file. Explorer (in windows) and the "interested parties" which extract detailed information on a file if you roll the mouse over it also open the file (and cause it to be scanned if it's of the "dangerous" type).

    We usually don't run scheduled scans on the clients and only from time to time on the servers (daily backup together with on-access scanning seems sufficient) .

    Christian

    :827
Children
No Data