
Folder exclusions: Method of notification or monitoring?

OS: Windows Server 2008 R2

ES version: 10.0

Server type: SQL

We recently made a change to our Sophos ES antivirus configuration: we added four local folders on an SQL server to be excluded from on-access scanning. I've turned on verbose logging and fortunately all is currently well.

However, the DB guys are not very familiar with Sophos and have been asking me about a method of notification or report-generation that could show daily or weekly reports of whether or not (a) the directories are being scanned and (b) if there's anything being found in them.

I've looked through the forum and within the ES software itself but I haven't been able to figure out if there is a way to do this. I realise I may not be explaining myself very well but hopefully someone can confirm or deny if this is possible.

Thanks for reading!



This thread was automatically locked due to age.
  • Hello VancouverPaddy (next time I'll shorten it to VP),

    Verbose logging normally doesn't provide any interesting information, but it also does no harm.

    Sophos neither tells you what's being scanned nor what's being excluded. On-access scanning is real-time; it intercepts file operations and blocks the application during this time - any blabber would create an unacceptable overhead. Events could be monitored and I'm pretty sure there is a debug mode - but this is not intended for production.

    Detections are always logged - what has been found and where. I don't think they are asking for something like if I would have been allowed to scan ... the following threats would have been found :P


    So no reports on what has been scanned or not. For the alerts there are several reports available in SEC though - these can also be scheduled and sent by email.

    Christian
