
What do you think about this config?

Hello,

I have created 2 Antivirus and HIPS policies. What do you think about this config, and do you have suggestions for improvement?

Clients Policy:

  • Hello Gregor81,

    Did you read Empfohlene Einstellungen für Anti-Virus und HIPS?

    They are not meant as a template which you have to modify to fit your environment - ideally for workstations you should start with the default settings and only modify them if you encounter issues (scan-on-write is enabled by default since 9.7). Anyway, I'd recommend turning on HIPS (Verhaltensüberwachung, Erkennung schädlichen/verdächtigen Verhaltens) - what is your setting for Live-Schutz, BTW? Exclusions should be necessary only in special circumstances (neither Windows updates nor domain membership are among them).

    The same is in principle true for servers. You have quite a number of exclusions but most of them aren't scanned anyway (you can verify this by making copies of eicar with different extensions) so it's better to omit them. There's one setting (or combination) you should reconsider: Archivdateien scannen for the scheduled scan - which also should run on lower priority (niedriger Priorität). Scanning archives is expensive, in CPU and RAM, and will significantly increase the time it takes to complete the scan (especially in conjunction with lower priority).

    Christian
