Sophos Daily Scheduled Scan - Support for Modern Features

I suppose the issue becomes how to present all of these options in the policy (Central/SEC) if they are dependant on the client OS.  I can imagine it could end up quite cluttered and something you'd have to continually maintain. 

For 95% of customers who just want to start a scan at a given time it's probably good enough.  

It's also arguable how useful a scheduled scan is on a workstation/laptop.  I can see the benefit on say a file server when you may want to scan inside archives (which you probably couldn't do on access for performance reasons) in order to maybe protect an out of date/unprotected client but on a workstation at best you might just create an alert sooner than later but there isn't really any extra risk as on-access will block it before execution.  

You don't really need to worry about servers being off and power management considerations so the settings are less of a concern on a server.

That said, I can understand that exposing a subset of options such a forcing a scan after a missed task might be a good thing.  This is captured here:

http://ideas.sophos.com/forums/285723-sophos-endpoint/suggestions/8508283-add-option-that-forces-full-system-scans-after-sch

Maybe not running scan when on batteries could be another, etc..

The only good thing is you can create your own task to run the same backgroundscanclient.exe and GUID of a scan. Sadly I don't think there is a way to create a scan configuration without scheduling it.  So you might have to create a scheduled scan for at least once a week to get the config in machine.xml.  You can then call that same scan by the GUID from your own task configured with all the options you require.  The other option is to schedule the default scan my computer now scan (BackgroundScanClient.exe {F86EBCD5-687E-40B1-800D-021062361F6C}) but of course that doesn't have any customisation.  

Regards,
Jak

I suppose the issue becomes how to present all of these options in the policy (Central/SEC) if they are dependant on the client OS.  I can imagine it could end up quite cluttered and something you'd have to continually maintain. 

For 95% of customers who just want to start a scan at a given time it's probably good enough.  

It's also arguable how useful a scheduled scan is on a workstation/laptop.  I can see the benefit on say a file server when you may want to scan inside archives (which you probably couldn't do on access for performance reasons) in order to maybe protect an out of date/unprotected client but on a workstation at best you might just create an alert sooner than later but there isn't really any extra risk as on-access will block it before execution.  

You don't really need to worry about servers being off and power management considerations so the settings are less of a concern on a server.

That said, I can understand that exposing a subset of options such a forcing a scan after a missed task might be a good thing.  This is captured here:

http://ideas.sophos.com/forums/285723-sophos-endpoint/suggestions/8508283-add-option-that-forces-full-system-scans-after-sch

Maybe not running scan when on batteries could be another, etc..

The only good thing is you can create your own task to run the same backgroundscanclient.exe and GUID of a scan. Sadly I don't think there is a way to create a scan configuration without scheduling it.  So you might have to create a scheduled scan for at least once a week to get the config in machine.xml.  You can then call that same scan by the GUID from your own task configured with all the options you require.  The other option is to schedule the default scan my computer now scan (BackgroundScanClient.exe {F86EBCD5-687E-40B1-800D-021062361F6C}) but of course that doesn't have any customisation.  

Regards,
Jak

Thanks for your detailed reply!