Possibility to trace back for older avdb signatures

Question

Big thanks for the answers to my queries in the suitable product for scanning files, folders on RHEL with no internet connectivity - Discussions - Sophos Central - Sophos Community ticket. I have two follow up questions and I prefer to ask in a separate ticket here. 
 
 Would like to know if following are possible to be configured in SPL product: 
 1) Linux system where the sophos is installed (connected via UC/MR or/and to Central) has no visibility on what and when the new avdb updates are being applied. 
 Is it possible to configure the new avdb updates to SPL , at custom/particular times ? 
 Is it possible to switch to SPL to run with older version of avdb updates (say if I want to scan files with 10 days older updates, if incase I want to reproduce a particular problem) 
 
 2) Read that threat file is moved to SafeStore automatically.(and restored back if the path is included in Allow applications list). However, we do not want to move the threat marked file(s) out of our network(to anyone else as they are confidential files). Is it possible to configure such thing ? 
 
 thanks

DouglasLeeder · Accepted Answer

1) No, it isn't possible to configure SPL to control when supplements (AV definition, etc) are updated, nor to point at anything other than latest. 
 2) SafeStore can't be turned off, but stores obfuscated quarantined files locally, nothing goes remote. Also nothing on a network mount will be quarantined, so files never travel onto a machine.

DouglasLeeder · Answer

SPL stores quarantined files internally in the installation directory, in an obfuscated form. They can be restored upon command from Central if they are false positives. They are rescanned every four hours in case Sophos Labs decides that they are false positives.

Possibility to trace back for older avdb signatures

Top Replies