This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

On Access Memory scanning on 64-bit systems

Dear Sophos Team,

We are using Sophos Enterprise Console to manage several machines that are running Sophos Endpoint Protection. While reading the following documentations (for each product), I get conflicting information and I did not yet find an answer to the question: Does memory scanning work on 64-bit systems?

The following document says memory scanning doesn't work on 32-bit systems:

The following document doesn't say anything, just that memory scanning is configurable (which would suggest it works anywhere):
What's the right answer to the question please?

This thread was automatically locked due to age.
  • Hello Bob Harmslaan,

    I'm not from the Sophos Team but I'll try to answer your question.

    memory scanning and system memory scanning are different things. The latter refers to the hourly background scan that scans, well, system (i.e. kernel) memory - and this is not available on 64bit systems. While you see this option in the Console's policy editor and in the local GUI on 32bit machines it's absent on 64bit machines. Back in 2012 there was a remark in the SAV 9.7 guide to on access settings article (by courtesy of the Wayback Machine) that has later been removed.
    Mind you, this does not refer to userspace memory that is AFAIK still scanned.