How to apply "Advanced" on-access scanning option centrally.

Hi everyone,

Just want to find out if there is a way to set the said advanced scanning options from SEC or via Windows registry or any config files?

Thank you in advance.



This thread was automatically locked due to age.
  • Hello BenedictSiu,

    if you open the Advanced ... settings from the local GUI (guess this is what you mean) you get a pop-up telling you that these options are very specialized and you should use them only with advice from Sophos technical support. If you indeed need specialized settings on (some of) your endpoints you shouldn't experiment without contacting Support first.

    Christian

  • Hi Christian, 

    Thank you for your reply.

    Problem I had was that the end user clicked on an attachment from his email and it turned out to be Ransomware. For this particular malware, updated SAV should be able to detect it. However the malware was wrapped in a MIME container, therefore SAV did not pick it up since the option for scanning MIME was not turned on and it is only available in the Advanced settings.

    I just want to ask if there is a way that I can turn this option on from SEC or via registry or any config file because it is not possible to choose the option from Advanced on every endpoint manually.

    Thank you for your help.

    Ben

  • Hello Ben,

    "malware was wrapped in a MIME container [...] updated SAV should be able to detect it"
    so you have a sample of the actual ransomware that you submitted? Or how else do you know that updated SAV should be able to detect it? Furthermore - could you verify that without this setting (there's more than one related to MIME) the malware can do its evil but that it's blocked when the option is turned on?

    If this is indeed the case it's all the more reason to contact Support because the behaviour would indicate a very serious flaw in the standard settings, the scanner, and/or the specific identity. In other words, On-Access protection should not, must not, rely on changes in the Advanced settings by the customer.

    Christian
