
Noob is confused.

Okay, so I've recently been brought on to provide more support for the Sophos Endpoint protection at our university, and I have to say I'm very confused by a lot of what I'm seeing. Two things that keep perplexing me are:

1. Things get Quarantined a lot but apparently not cleaned up. Why is that?

2. Reading the article at https://community.sophos.com/kb/en-us/25358, it says:

"Please be aware that the full system scan will not scan for the following:

Adware and PUAs
Suspicious files
Rootkits
Scan inside archives files
Scan system memory
Run scan at low priority

The clean up option for the full system scan will be set to Log only. The option 'Automatically clean up items that contain a virus/Spyware' will not be enabled."

Well, if it doesn't do any of that when initiated at the console, what's the point of a full scan? What is the reasoning for none of that being done?

Thanks.



  • Noob,

    let's analyze your questions one by one:

    1. Every threat family has different methods of removal. Your policy "Automatically clean up items that contain a virus/Spyware" needs to be enabled. Also, on every computer (double-clicking it from Console), threats found are logged, and a KB exists that explains what the threat is and how to remove it.
    2. This is a Console limitation. Make sure you configure a policy inside Sophos Enterprise Console to scan the system once per week at a scheduled time. This will remove silent threats, like logic bombs, rootkits or PUAs, on machines.
    3. Set Full System scan to delete threats or move to option.