Scheduled Scan: Necessary?

I have a question - hope someone can answer and help clarify this:

How can Sophos' scheduled scan detect threats that are not detected/remediated by the realtime protection? In other words, why would someone turn on the scheduled scan feature if they already have realtime scanning set up?  If a threat signature gets added after a rogue application gets installed, realtime protection would identify it when the application is run (after the signature update) anyway. Are there any use cases from Sophos or from the enterprise endpoint security users related to this?

Thanks in advance.


This thread was automatically locked due to age.
  • Thanks for your insight into this. It is true that the remnants of infection can potentially be detected and cleaned up by a scheduled scan. However, if they are unable to run in memory or take actions to perform anything malicious (or non-malicious for that matter), those files are nothing more than passive placeholders taking up a few KBs of disk space. Forensically, there are possible benefits, as they can be used for investigative purposes etc.; but as a preventative control, does this really offer much value?

    I'm personally in favor of this; however, I'm trying to come up with "enough" technical reasons and arguments to support this -- with a goal to eventually convince the management!!
