Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

On-Demand Scan process name

Hello,

 

I was wondering what is the exact name of the process run by SAV on-demand scan.

Is it included in savservice or there is a separate process created?

In other words - what's the way to check (via tasklist/pslist) if there is on demand running?

 

Windows; AV version 10.8.2

 

Thank you

Sławek

  • Hi  

    Thank you for your post. As highlighted here, SAVService.exe is the process involved during AV scans (scheduled or on-demand) and the service responsible would be Sophos Anti-Virus. Hope this helps!

  • In reply to Adithyan Thangaraj:

    Hi Adithyan Thangaraj,

    thank you for your reply.

    Does it mean that SavService is running only if on-demand is in progress or it is running constantly (indicating generally that AV is on)?

    If the latter is true, is there any process unique for on-demand scan, which is present only if the scan is running, and disappearing once the scan has been completed?

    Thank you.

  • In reply to Slavvko:

    Hi  

    Thank you for your kind response. As mentioned in the above KBA, this service is responsible for any scanning that the endpoint does which means this process would remain running in the background and would start using up resources only when a scan is actually being run. By "scan", I also refer to on-access scanning that the endpoint does whenever a file or folder is accessed. Hence this Process and Service is bound to run all the time in your machine unless killed explicitly.

  • In reply to Adithyan Thangaraj:

    Hi Adithyan Thangaraj,

    thank you again for your response.

    With  reference to the above, I understood that there is no specific (unique) process created once on-demand scan starts, and finished once the scan has been completed.

    In other words, there is no possibility to verify via Tasklist/Pslist if the on-demand scan is running.

    Am I right?

    Thank you.

    Sławek

  • In reply to Slavvko:

    Hi  

    Thank you for your response. You are absolutely correct in saying that there is no separate process that highlights instance(s) of on demand scan. However, A "Scanprogress.exe" should pop up a window with the scan result post completion of on demand scan (Right-click scan).

  • In reply to Adithyan Thangaraj:

    Thank you Adithyan Thangaraj for your help.

    Sławek