Best practice for On-Access scan settings

Question

Hello,

I know by default that the On-Access scan settings for Viruses/spyware is set to "Deny access only" but I wanted to get a feel for what others are doing and why?

We are using the defaul setting for On-Access and then in our weekly scan schedule we set the Automatically clean up. But it seems that when machiens are offline during the weekly scan schedule that they are never getting cleaned unless we manually clean them from the console during the day.

Thoughts about why we should not just set the On-Access scan to automatically clean?

Does anybody know what the defaults are for other AV prodcuts?

This thread was automatically locked due to age.

Sophos_User · Accepted Answer

We had to put exclusions in for OST and PST because what we were seeing is that Sophos will not "Scan" them by default.

Support explained the scanning process (AV version 9) to us as follows:

1) Sophos first checks if we add the files extension has been added by us to the exclusion list if so it skips it if not..

2) Sophos then checks files size if over 4GB logs and error in application event log if not over 4 GB then

3) Sophos will check against the files extension that it should not scan by default.

Ever since we added the PST and OST exclusions we no longer see the errors on machines with larger than 4GB files.

So even thought Sophos does not "scan" files by it looks lie it still touches the file and checks for the size. This is what we were seeing with PST and OST files.