
Force a Scan on all Endpoints

As subject, is it possible to force a scan on all endpoints? I'm aware that I can drill down to a specific endpoint and Scan Now, but what I'd like to do is scan all the machines with one click.

As I've found no obvious way of doing this, I edited the Base Policy - Threat Protection and created a scheduled scan to run that evening. It didn't run. Instead, I got a whole load of warnings in the Central management portal reporting Policy non-compliance for all endpoints! 

Any advice greatly received. I'm struggling to understand how I can force a scan on all my endpoints and it's getting critical now.

Thanks in advance!



  • Hi,

    I think the update to the threat protection policy to force a scan in the next couple of minutes is your best bet.

    Of course - any computers that are off at that time will not be covered until a time when the schedule aligns with them being turned on.  The scan now action on the other hand, is queued I guess so the next time the client comes online, it sees the message and carries out the task.

    I would first investigate on one computer why they differ from policy.  Did the scheduled task get created on the endpoints for the task?  Can you check, if the task got created then the scan would have happened.

    schtasks /query /TN "Sophos Cloud Scheduled Scan"

    You can use /S to check remote computers.

    Or maybe just:
    schtasks | find "Sophos"
    presumably will return:
    Sophos Cloud Scheduled Scan              22/02/2019 21:00:00    Ready

    is the task there?

    Debug logging of the Agent using the info here:
    https://community.sophos.com/kb/en-us/119607

    would be the troubleshooting step to ensure the SAV Adapter is setting/getting policy and why a difference is being returned.

    Regards,

    Jak
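
The task check from the reply above, run across several machines with `/S`, as an added example that is not part of the original thread or Sophos tooling. The host names are constructed placeholders, and the script assumes the account running it is allowed to query Task Scheduler on the remote machines.

```powershell
# Added example: report which endpoints have the scheduled-scan task registered.
# The task name comes from the reply above; the host names are constructed placeholders.
$TaskName  = 'Sophos Cloud Scheduled Scan'
$Computers = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02', 'PC-EXAMPLE-03')

function Get-ScanTaskState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$TaskName
    )
    # /FO CSV /NH returns one header-less row: task name, next run time, status.
    $raw   = & schtasks.exe /Query /S $ComputerName /TN $TaskName /FO CSV /NH 2>&1
    $lines = @($raw | ForEach-Object { "$_".Trim() } | Where-Object { $_ })

    if ($LASTEXITCODE -ne 0) {
        # A non-zero exit code covers a missing task as well as an unreachable host
        # or denied access, so keep schtasks' own message to tell them apart.
        return [pscustomobject]@{
            Computer    = $ComputerName
            TaskPresent = $false
            NextRun     = $null
            Status      = $null
            Detail      = $lines -join ' '
        }
    }

    $row = $lines | ConvertFrom-Csv -Header 'TaskName', 'NextRun', 'Status' |
        Select-Object -First 1
    [pscustomobject]@{
        Computer    = $ComputerName
        TaskPresent = $true
        NextRun     = $row.NextRun
        Status      = $row.Status
        Detail      = $row.TaskName
    }
}

$report = foreach ($computer in $Computers) {
    Get-ScanTaskState -ComputerName $computer -TaskName $TaskName
}

# Endpoints where the task is absent (or could not be queried) are listed first.
$report | Sort-Object TaskPresent, Computer | Format-Table -AutoSize -Wrap
```

Rows with `TaskPresent` set to `False` are the machines to look at first when working out why the policy shows as non-compliant.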
