Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 17377 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos scanning network locations

BUKtrj

Hello all,

A bit of info before i go on, we just installed Enterprise Console 5.2 on a clean 2012 R2 server, deployed to a few test machines as this is replacing an old symantec solution.

The problem is that we use Quest for keeping an eye on folder activity (opening, deleting ect) but since 2 of our laptops had sophos installed Quest reports that the user accounts tied to the laptops are continually scanning our network location where home drives are located, Quest doesn't report the same activity for my machine, the only differences is that the other 2 users have offline folders enabled for their home drives and i'm on Win7 to their Win8.1, we have added the CSC folder to the exclusions in the hope this was the cause.

Any advice appreciated.

:45889


This thread was automatically locked due to age.
Parents
  • 0

    Hello BUKtrj,

    as it tries to scan ALL folders

    as said, it does only scan only files that are accessed and shouldn't attempt to scan objects on its own (and even less try to access parent and/or sibling folders).

    concern about excluding remote files

    while scan on write will scan a copy to local  (assuming it is created) it won't block the remote file (dunno how offline folders work under the bonnet, I wouldn't bet the sequence is always copy/cache -> open locally). This should be a last-resort temporary measure at best until the issue is solved.

    UserA access denied to folder UserB

    When on-access intercepts an open the path it sees might not be the one used by the application accessing the file. Process Monitor should give some insight here (include the savservice.exe process and the File System event class) - BTW, can you reproduce it on Windows 7?

    Christian

    :45937
Reply
  • 0

    Hello BUKtrj,

    as it tries to scan ALL folders

    as said, it does only scan only files that are accessed and shouldn't attempt to scan objects on its own (and even less try to access parent and/or sibling folders).

    concern about excluding remote files

    while scan on write will scan a copy to local  (assuming it is created) it won't block the remote file (dunno how offline folders work under the bonnet, I wouldn't bet the sequence is always copy/cache -> open locally). This should be a last-resort temporary measure at best until the issue is solved.

    UserA access denied to folder UserB

    When on-access intercepts an open the path it sees might not be the one used by the application accessing the file. Process Monitor should give some insight here (include the savservice.exe process and the File System event class) - BTW, can you reproduce it on Windows 7?

    Christian

    :45937
Children
No Data