Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5842 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to Stop the End point and Security Client from scanning

Rodeoboy

There are some times that I need to disable Sophos Endpoint from Scanning when I do installation of Network software.  However when I disable the Onaccess scanning, Web Scanning and Sophos Live Protection - It still manages to flag and quarantine files.

How do you stop Sophos from Scanning in order to install software?

Just wondering,

Rodeoboy

:19841


This thread was automatically locked due to age.
Parents
  • 0

    Hello Rodeoboy,

    as Jak said, the details of the detection are always important. Rather than trying to find all the knobs and switches needed to completely turn off scanning "unwanted" detections should be dealt with case-by-case. This does not necessarily mean item-by-item though. Thus if certain activity is known to trigger suspicious behaviour detections you could simply turn it off while performing this task. If OTOH a certain "suspicious" file is regularly used but doesn't change often it's better to authorize it.

    False positives (detected by on-access) can also be sent in as samples - I have done this a number of times. Depending on the nature (and prevalence) of these files modified identities might be issued to avoid future detection.

    As to Combofix - running more than one "Anti" software at the same time is a little bit like independently employing two security firms to watch over your estate. Chances are good rather sooner than later they are at each other's throats :smileywink:.

    Christian

    :19955
Reply
  • 0

    Hello Rodeoboy,

    as Jak said, the details of the detection are always important. Rather than trying to find all the knobs and switches needed to completely turn off scanning "unwanted" detections should be dealt with case-by-case. This does not necessarily mean item-by-item though. Thus if certain activity is known to trigger suspicious behaviour detections you could simply turn it off while performing this task. If OTOH a certain "suspicious" file is regularly used but doesn't change often it's better to authorize it.

    False positives (detected by on-access) can also be sent in as samples - I have done this a number of times. Depending on the nature (and prevalence) of these files modified identities might be issued to avoid future detection.

    As to Combofix - running more than one "Anti" software at the same time is a little bit like independently employing two security firms to watch over your estate. Chances are good rather sooner than later they are at each other's throats :smileywink:.

    Christian

    :19955
Children
No Data