On-access scanning and processes

We have been asked by a system supplier to exclude a list of processes from AV scanning on a server.

We already have a policy affecting this server, which disables on-access scanning (box is unticked).

It's not clear from the GUI if this by default also disables process scanning, or just file system on-access scanning - what I mean is does the original read from the disk when a process launches not get scanned, but it does get scanned once memory-resident?

  • Hello mrcrisps,

    time-sensitive on file handling

    :smileytongue: that's why they chose Windows as the platform. There are vendors/suppliers who "permit" AV (on-access) on their systems with just minimal folder exclusions.

    Anyway, in this case I'd do without Sophos on this server. With on-access and all other real-time components disabled it has no benefit other than serving as an excuse for problems. Even a scheduled scan would be feasible when the system is active so there's no reason to have Sophos (or any other AV) installed. Isolate or restrict access to the system as far as possible and make sure they can quickly get a clean and current copy up and running in case the server gets compromised.

    Christian     
