
Noob is confused.

Okay, so I've recently been brought on to provide more support for the Sophos Endpoint protection at our university and I have to say I'm very confused by a lot of what I'm seeing. Two things that keep perplexing me are:

1. Things get Quarantined a lot but apparently not cleaned up. Why is that?

2. Reading the article at https://community.sophos.com/kb/en-us/25358, it says:

"Please be aware that the full system scan will not scan for the following:

Adware and PUAs
Suspicious files
Rootkits
Scan inside archive files
Scan system memory
Run scan at low priority

The clean up option for the full system scan will be set to Log only. The option 'Automatically clean up items that contain a virus/Spyware' will not be enabled."

Well, if it doesn't do any of that when initiated at the console, what's the point of a full scan? What is the reasoning for none of that being done?

Thanks.



  • Noob,

    let's analyze your questions one by one:

    1. Every threat family has different methods to be removed. Your policy "Automatically clean up items that contain a virus/Spyware" needs to be enabled. Also, on every computer (double-clicking it from Console), threats found are logged, and a KB exists that explains what the threat is and how to remove it.
    2. This is a Console limitation. Make sure you configure the policy inside Sophos Enterprise Console to scan the system once per week at a scheduled time. This will remove silent threats, like a logic bomb, rootkit or PUA, on machines.
    3. Set the Full System scan to the delete threats or move to option.
  • Hi dwilson,

    For question one, can you provide some more details: what detections are you seeing? Most items that show up in the quarantine can be cleaned; sometimes a reboot might be needed, and depending on the location of the files some additional manual cleanup might be needed, for example files in shadow copies. If you can provide the detection names and file locations you have questions about, that will help me understand what you are seeing.

    There are also things like PUAs (Potentially Unwanted Applications) that will be blocked, but as these are not malicious and Sophos is just highlighting software on the machine that you might not want (e.g. toolbars, advert pop-ups), you can simply uninstall these like any normal software if you don't want them on the machine, or you can authorize them so you don't see the detection again.

    For question two, I believe it is just a misunderstanding: a full scan can do all of those items listed, they just need to be enabled either via the Enterprise Console or on the Endpoint itself. I will look to get that article changed, as the wording is misleading.

  • I can understand the PUAs. But rootkits? Adware? The option to run at low priority? Why would it not scan for or clean up those things? Isn't the point of the management console to save me from having to run around and physically touch every system?