Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5208 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scheduled Scan - Detailed Report

isoffice

Hi folks,

We are deploying Sophos Endpoint Security and Control (Version 10.0.6) from Enterprise Console (Version 5.1.0) to Windows 2003/2008 Servers. I have set up policies for a scheduled scan to be done out-of-hours.

Is there a particular log file anywhere (console or client) that can confirm that certain files were excluded from the scan as per the policy imposed? Viewing the report summary on the client doesn't return this sort of detail.

Many thanks in advance,

John P

:27369


This thread was automatically locked due to age.
  • 0

    Hello John,

    AFAIK there is neither a detailed log of what has been scanned and what has been excluded nor a summary of the settings used for the scan. Why do you need this confirmation?

    Christian

    :27371
  • 0

    Hi John,

    This information isn't logged I'm afraid.  Do you have a reason to think the exclusions may not be working or is it just out of curiosity?

    The log file ([scanname].txt) created for each scan on the endpoint just records, the start and end times.  A summary of the number of files scanned, number of errorrs, anthing it couldn't scan (through errors, corrupt files, permissions, etc..) and of course any threats.

    Regards,

    Jak

    :27373
  • 0

    Hi guys,

    Thank you for the prompt replies to my query.

    I have to admit that it was curiosity alone (with a hint of necessity) which drove me to submit this query. Like most organisations, we have a lot of servers with different roles. I have done some research on files/folders to exclude from anti-virus file scanning depending on the function of the server (SQL, Exchange etc) and I just wanted to confirm that the exclusions I had put in place were actually being adhered to.

    Having said that, if I were to put in an incorrect file path in the exclusion policy, would an error message be returned alerting me to this?

    Many thanks again for your time and assistance,

    John P

    :27375
  • 0

    if I were to put in an incorrect file path in the exclusion policy, would an error message be returned alerting me to this

    No, John. It's not considered an error if a path doesn't exist - for one thing, you'd always look up a file/path you're about to scan in the exclusion list,  not look up an excluded item in the "full" list and prune that one. Or you might want to exclude a certain application on clients with different OS versions, architectures and/or OS languages, or an application which isn't installed on all clients. To avoid meaningless alerts you'd have to put the clients in different groups (which might not be possible at all if you use AD sync). 

    Christian

    :27381
  • 0

    Hi Christian,

    I understand and many thanks for your help and clarification on this.

    Best regards,

    John P

    :27383
  • 0

    Don't mention it, John!

    As an aside - scan logs on the Mac do contain the path(s) to scan, exclusions and setting used (but scans on a Mac seem to be more like running SAV32CLI).

    Christian

    :27389