I've got a few Linux systems in my network which I am trying to get a better understanding of protecting with Sophos Central.
The goal is to get the setup as close as possible to our Windows desktop setup, in which computers have Sophos installed and scanning over system changes, while also providing Tamper Protection to prevent our engineers from changing the current setup on their Linux machines with on-access scanning. I've done some research on what commands people are using to disable features, such as "/opt/sophos-av/bin/savdctl disable" for disabling the on-access scans. Why they are disabling it is due to the suggested slower performance when they write files on their Linux machines.
Hopefully someone can help me or point me in the right direction for this.
Cheers in advance.
Currently, Tamper Protection is not available on Linux. The following PDF document shows a comparison of the features available on Linux vs Windows. The section begins on page 5: Sophos Workload Protection Licensing Guide
Another way you can find out which scanning features apply to your Linux devices is by checking "Server > Policies > Threat Protection". The check-marks on the right-hand side will indicate which OSes the features will apply to.
OK, cheers for the response. Is there any expected timeframe or plan to roll out a "Tamper Protection" feature in the Linux version of Sophos?
I've reached out internally to inquire about this. I will follow up with you here with any information I receive.
Any progress on whether this would be a feature in the future, and if so, a timeframe for when it could be implemented? Cheers again.
I've followed up with our team, but I don't have further information on this yet. There is an open Feature Request for Tamper Protection on Linux that has been associated with your account now. I will reach out to you via PM to share the ID.
The best way to stay up to date on feature requests that you've sent in is to reach out to your Sophos Account Manager.