
Best practice for On-Access scan settings

Hello,

I know by default that the On-Access scan settings for Viruses/spyware is set to "Deny access only" but I wanted to get a feel for what others are doing and why?

We are using the default setting for On-Access and then in our weekly scan schedule we set the Automatically clean up.  But it seems that when machines are offline during the weekly scan schedule that they are never getting cleaned unless we manually clean them from the console during the day.

Thoughts about why we should not just set the On-Access scan to automatically clean?

Does anybody know what the defaults are for other AV products?



This thread was automatically locked due to age.
  • I also implement a "take no prisoners" approach when it comes to viruses on users' PCs - anything detected by Sophos is deleted instantly without warning.  Servers are a bit more lenient in that they're set to quarantine only - that way if something goes horribly wrong it's easier to recover from... plus they're switched on constantly so manual cleanup of anything dodgy is a lot easier.  My reasons for this are that we have a lot of flash drives being plugged into our machines that have been to far out corners of the world and come back riddled with all kinds of garbage.  Any softer approach results in people trying to disable or somehow bypass Sophos (a few have local admin rights).

    I've got suspicious files set to 'alert only' as we have a lot of bespoke applications in use here, and quite a lot of them weren't really designed with any common sense a corporate situation in mind :robotwink:
