Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1666 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

On Access Scanning

Joetobai

Hi All,

My Query is regarding On Access Scanning, alot of users on our workstations are not local admin. What is best practice for on access scanning group, ie should there be a user in group with local admin privileges.

Thanks

:9603


This thread was automatically locked due to age.
  • 0

    Hello Joetobai,

    I'm not sure if you really ask about On-Access. If you are wondering about the SophosOnAccess group (for which there is still no explanation in the docs or knowledgebase AFAIK) you don't have to (and shouldn't) put any user in there - just ignore it. On-Access works regardless of the rights of the logged on user (our domain users, for example, are simple users).

    Christian

    :9611
  • 0

    We do get alerts back from sophos console saying that on access scan does not have have rights to delete file but when Daily Scan runs the affected file is deleted.

    :9615
  • 0

    I see. As you found out a scheduled scan will delete these threats (and cleaning - i.e. deleting - them from the console might also be possible). I guess that on-access for cleanup/deletion uses the rights of the user accessing the file and if they are read-only deletion (or move) will fail. As access to the file is blocked anyway this is not a problem though. On the contrary - giving the users more rights will make it worse as (yet unknown) malware can penetrate deeper when run by a power or administrative user. 

    Christian

    :9619
  • 0

    Yeah, I agree with leaving the user with restricted rights but I was just wondering would having an admin in the on access group be an option that was being used.

    Thanks

    :9623
Unfiltered HTML