This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable on-demand scanning for Windows RDS

We have an Remote Desktop Services server that needs to be protected but we don't want the users initiating a virus scan as it would reduce the experience for other users. Is there any way to disable user initiated scans? Or better yet, prevent the user from opening the client interface at all?

Thanks,

Tyler

Hilltop Community Resources

This thread was automatically locked due to age.

0 jak over 8 years ago

Hi,

You could maybe look into using Windows restricted groups (https://support.microsoft.com/en-gb/kb/279301) to define who is a member of the local Sophos groups. I.e. the SophosAdministrator, SophosUser and SophosPowerUser groups.

Beyond that, you could look to remove the right click scan option:
regsvr32 /u /s "C:\program files (x86)\sophos\Sophos Anti-Virus\savshellextx64.dll"

You might have to run this again after a major update.

Other options that spring to mind include software restriction policies to prevent certain exe files running and there is a hidetrayicon DWORD under the HKLM\software\wow6432node\sophos\AutoUpdate\ key that prevents almon.exe (the shield tray icon) from launching. This would mean that you don't get interactive popup messages though to say something was blocked.

Hope it helps.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel