Why does the sav32cli command line take longer when performing scans?

When I perform the command-line full scan "sav32cli -f" it takes 40 min, but performing the SEC full scan takes only 10 min.

 I see that the number of scanned files is the same. So what is the difference between the two scanning methods?



  • Hello Jacky Tu,

    If you are running a scan directly from the Console, there are things that are not included, which can affect the time it takes for the scan to complete. Please see the article for more details as to what gets scanned.

    If you are triggering the scan directly from the Endpoint, can you confirm you have selected all of the options?

    To see what sav32cli is scanning, use this command to generate a log.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

  • I found that Sophos scanned the memory for too long. So can I set it not to scan the memory?

  • Hello Jacky Tu,

    "Sophos scanned the memory for too long"
    I fear I don't understand what you mean here. By default sav32cli does not scan memory and you said that the SEC-initiated scan took only a quarter of the time. So what is taking too long?

    I'm not sure that the details as to what gets scanned that Barb referred to are correct - "the full system scan will not scan for the following ... [system memory] ..." while the SEC Help says "If the scan detects components of a threat in memory". I started a scan from the console and it shows no progress at first (I assume it is scanning memory at this point), follows with a rootkit scan, and only after the famous 2% complete scans the file system. It also detects Adware and PUA.

    As for the elapsed time: sav32cli performs the scan single-handedly whereas scans from the GUI collaborate with the service (probably taking cached results into account). Furthermore it seems the scan by sav32cli is single-threaded and it uses only one core.

    Christian
