
Sophos Central - Server Protection - Scheduled Scanning Options

Hi All,

I am looking at the "Threat Protection" baseline policy within Sophos Central and the options available for scheduled scanning. The setting only allows me to set a date and time of when the scanning should start with the option of deep scanning. The equivalent policy (Anti-virus and HIPS) within Enterprise Console allows greater control on what to scan and other scanning options as shown below.

As we cannot define what is scanned during scheduled scanning for servers in Sophos Central, can anyone advise what the scan will look for, as it does not define this within the policy itself?

[Screenshots: Sophos Central; Sophos Enterprise Console]

Thank you,

Mo



This thread was automatically locked due to age.
  • If you look in the scheduled tasks at the client you will see the scheduled task "Sophos Cloud Scheduled Scan" and it's set to run something like:

    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe {2C44AC43-398F-41A7-BA53-14CBD7B4C8DF}

    The GUID is a scan config as defined in machine.xml (C:\ProgramData\Sophos\Sophos Anti-Virus\Config).

    E.g.

    <scan id="{2C44AC43-398F-41A7-BA53-14CBD7B4C8DF}" ScanType="EnterpriseScan">

    The "EnterpriseScan" type defines it was created by a management platform, e.g. Cloud or SEC. It's an OnDemandScanTemplate.

    Run scan at low priority is enabled by default, that is this option:

    <minimiseScanImpact>true</minimiseScanImpact>

    Rootkit scans are enabled by default and you can't disable rootkit scanning.

    <saviOptions>
      <item itemName="ApplicationControl">
        <name>ApplicationControl</name><value>1</value></item>
      <item itemName="PuaDetection">
        <name>PuaDetection</name><value>1</value></item>
      <item itemName="BehaviourSuspicious">
        <name>BehaviourSuspicious</name><value>0</value></item>
    </saviOptions>

    Suggests PUA is enabled. 
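To audit what a Central-managed scheduled scan is configured to do, the lookup described in the answer above (task action, then GUID, then the matching scan entry in machine.xml) can be scripted. This is an added example, not part of the original thread and not Sophos code; the `<config>` root, the nesting of the option elements under `<scan>`, and the function names are assumptions, and the sample data is constructed from the fragments quoted in the answer.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the fragments quoted in the answer, nested under the <scan>
# element inside a hypothetical <config> root (the nesting is an assumption).
SAMPLE_MACHINE_XML = """<config>
  <scan id="{2C44AC43-398F-41A7-BA53-14CBD7B4C8DF}" ScanType="EnterpriseScan">
    <minimiseScanImpact>true</minimiseScanImpact>
    <saviOptions>
      <item itemName="ApplicationControl"><name>ApplicationControl</name><value>1</value></item>
      <item itemName="PuaDetection"><name>PuaDetection</name><value>1</value></item>
      <item itemName="BehaviourSuspicious"><name>BehaviourSuspicious</name><value>0</value></item>
    </saviOptions>
  </scan>
</config>"""
# Action string of the "Sophos Cloud Scheduled Scan" task, as quoted in the answer.
SAMPLE_TASK_ACTION = (r"C:\Program Files (x86)\Sophos\Sophos Anti-Virus"
                      r"\BackgroundScanClient.exe {2C44AC43-398F-41A7-BA53-14CBD7B4C8DF}")

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def local(tag):
    """Drop an XML namespace prefix, if any, so lookups work either way."""
    return tag.rsplit("}", 1)[-1]


def scan_guid_from_action(action):
    """Return the scan-config GUID passed to BackgroundScanClient.exe."""
    match = GUID_RE.search(action)
    if match is None:
        raise ValueError("no scan GUID in task action")
    return match.group(0).upper()


def describe_scan(xml_text, guid):
    """Find the <scan> whose id matches guid and summarise its settings."""
    root = ET.fromstring(xml_text)
    scan = next((el for el in root.iter() if local(el.tag) == "scan"
                 and el.get("id", "").upper() == guid.upper()), None)
    if scan is None:
        raise LookupError(f"scan config {guid} not found")
    report = {"ScanType": scan.get("ScanType"), "minimiseScanImpact": None, "saviOptions": {}}
    for el in scan.iter():
        if local(el.tag) == "minimiseScanImpact":
            report["minimiseScanImpact"] = (el.text or "").strip().lower() == "true"
        elif local(el.tag) == "item":
            value = next((c.text for c in el if local(c.tag) == "value"), None)
            report["saviOptions"][el.get("itemName")] = value
    return report


if __name__ == "__main__":
    print(describe_scan(SAMPLE_MACHINE_XML, scan_guid_from_action(SAMPLE_TASK_ACTION)))
```

On a real server, pass the contents of machine.xml from the Config folder named in the answer and the action string of the scheduled task in place of the two samples.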
