
Sophos Virtualization Scan Controller Configuration

Hello @ all

I have a question concerning the Sophos Virtualization Scan Controller and I hope that somebody can help me out.

We are currently using the Scan Controller to coordinate multiple scans in our server environment while using the Sophos Enterprise Console (5.0) for management.

The configuration of the Scan Controller with a config-file (for LatestStartTime, AllowedDays and so on) was not that difficult thanks to the provided documentation.

These scans are running without any problems.

My question concerns the following:

We would like to exclude Adware and PUA from the scheduled scans which are initiated by the Scan Controller.

I already tried it by changing the settings within the Antivirus & HIPS policies. This only set up a secondary scheduled scan besides the one configured with the Scan Controller. This secondary scan did not scan for Adware or PUA while the scan run started by the Controller did. Either I made a mistake along the way or it has to be configured somewhere else (if at all).

Anyway, if somebody is able to help me out, I would really appreciate it.

Thank you



This thread was automatically locked due to age.
  • Hello pretor989,

    the scan uses the settings for the Full System Scan. These are gathered from Authorization ..., the Extensions and Exclusions ... in the Scheduled scanning pane and the default settings for onDemand scans. The latter have no interface but you might (I say might as I have not tested it) be able to set them using savconf.xml in a configured CID. Be aware that these settings will AFAIK be overridden when an AV-policy is applied from the console.

    OTOH - why exclude Adware and PUA from scanning as you can always authorize those which are not "unwanted"?

    Christian

  • Thank you very much for your fast reply and help.

    I did not realize that I could "Authorize" the files I wanted. I was of the opinion that my only other option would be to use the "Extensions and Exclusions" to exclude specific files. But the problem would have been that if an unsuspecting user changed the filename or the storage location, new alerts would pop up during our scans.

    Your proverbial "other hand" "nailed it", thank you!

    I will try your first suggestion for curiosity's sake. Maybe that would work too even though your way is more secure.

    Thank you again and until another time

    pretor989
