
multiple vendors AV on single user device

Hi

I have a requirement to have two layers of AV on a single user device. I already use a different vendor to Sophos for the primary solution but was wondering if Sophos would be a good pick for the secondary check.

Obviously not all AV products can sit together on a single Windows desktop and may cause performance problems.

My thinking was to have the second product as a command line only solution, this being called from a script after the first vendor's sweep has executed.

I know Sophos has a command line tool and I hope this could be used. Before I can test this I have the following questions...

1) How would a command line only Sophos solution stay up to date signature-wise? A lot of command line only AV products are for a standalone environment and do not have a backend infrastructure. I would prefer a pull solution from the desktop to check for dat updates etc.; I don't want our sys man solution pushing this.

2) Is the Sophos signature digitally signed?

thanks all

fox

:1868


This thread was automatically locked due to age.
  • Hello fox,

    While you can use as many products as you can get your hands on to perform on-demand (or scheduled) scans, you should really use only one to perform on-access scanning (Sophos refuses to install if it detects a competitor or even traces thereof), as not only performance suffers but they will interfere with and in the worst case block each other.

    Sounds like a management requirement anyway. Assuming that the "device" is "on the net" and that the "live" (or on-access as it's called here) scanner fails to identify a threat and it creeps in, an on-demand scan will probably come too late (although it might help cleaning up the mess).

    If you only want to run the command line scanner you can do so from a network drive. No need to install, it won't refuse to run and it is kept up to date by the computer hosting the share. All this of course assuming the "device" is sufficiently clean.

    "this being called from a script after the first vendor's sweep has executed"

    So what you have in mind is: use the first product's on-access scanning and also perform a (full) scan at regular intervals (daily? weekly? ...) and afterwards perform a scan with a second product? Or am I mistaken? Depending on the size of the disk(s) this might take quite some time.

    "Is the Sophos signature digitally signed?"

    I'm sure I do not understand this question (or the underlying concerns) - could you explain?

    Christian

    :1874