I have a few Linux systems in my network, and I am trying to get a better understanding of protecting them with Sophos Central.
The goal is to get the setup as close as possible to our Windows desktop setup, in which computers have Sophos installed and scanning over system changes, while also providing Tamper Protection to prevent our engineers from changing the current setup on their Linux machines with on-access scanning. I have done some research on what commands people are using to disable features, such as "/opt/sophos-av/bin/savdctl disable" for disabling the on-access scans. They are disabling it because of the suggested slower performance when they write files on their Linux machines.
Hopefully someone can help me or point me in the right direction for this.
Cheers in advance
Currently, Tamper Protection is not available on Linux. The following PDF document shows a comparison of the features available on Linux vs Windows. The section begins on page 5: Sophos Workload Protection Licensing Guide
Another way you can find out which scanning features apply to your Linux devices is by checking "Server > Policies > Threat Protection". The check marks on the right-hand side will indicate which OSes the features will apply to.