Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5323 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Assign workstations in a single group to individual Anti-Virus policies

KausticRage

Hello,

We are just starting a 30 day trial/test and I had a question regarding scheduled scan policies.  I was wondering if its possible to assign individual workstations in a group to different Anti-virus policies...

I.e....

Workstations group - WorkstationA and WorkstationB assigned to the group

Anti-virus and HIPS Policies:

Policy1 which does a scheduled scan at 11am weekly

Policy2 which does a scheduled scan at 1pm weekly

I want to be able to place both machines in a single group and assign each one to a different Anti-virus scan policy.  The reason for this is we don't have to shoot off a scan of all our workstations at the same and would like to scan groups of PC's in blocks (when departments are out to lunch or gone for the day) at certain times without having to create sub-groups since they will share all other policies.

Is something like this possible?

:40615


This thread was automatically locked due to age.
  • 0

    Hello KausticRage,

    On-Access scanning is the basic means for protection on workstations. Therefore there is no need for frequent scheduled scans. To quote from Recommended settings for Anti-Virus and HIPS (emphasis mine): If you feel safer making an occasional check of all files on your computer, set up a weekly scheduled scan at a quiet time ....

    A scheduled scan does only run when the computer is switched on - if this is the case when departments are [...] gone for the day then you could perhaps run the scan after-work as well. Furthermore [while] out to lunch is likely not long enough for the scan to finish thus if you scan during the day the will definitely be an overlap. Please note that (on Vista and above) you can run the scans at lower priority so they have minimal impact.

    As you've seen the schedules are tied to the AV&HIPS policy thus you can't use different times within one group.

    If scheduled scans are really that important to you (and none of the above provides a satisfactory solution) there is probably on or the other way to work around the policy restriction (but none of them perfect).

    HTH

    Christian

    :40617
  • 0

    This is a direction from the CIO and he would like weekly scans of all machines and servers but not at the same time.  Norton (we dont currently use them) allows each individual workstation/server its own schedule for the full system scans.  Its not a deal breaker but that is a feature he would like in our next solution if we choose to move forward with a change.

    :40641
  • 0

    Hello KausticRage,

    if your CIO is content with a Full System scan (you can't explicitly set the options, Authorizations, Extensions and Exclusions are taken from the group's AV&HIPS policy, otherwise the scheduled scan defaults apply) you could perhaps (ab)use the Sophos Virtualization Scan Controller. It is not intended for this purpose, not integrated with the console and doesn't provide a GUI for configuration. In other words - you don't see in SEC which schedule is set for a computer, you have to edit the configuration (but this could be scripted) when a computer is added or moved to a different group and, frankly, I don't know if it works as I haven't tested it. 

    OTOH - unless you intend to regularly update authorizations and/or exclusions the AV&HIPS policies (like most other policies) are static, thus having one policy for each distinct AV/schedule combination. Of course it depends on the complexity of your environment and setup.  

    Christian

    :40657