Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1948 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Full System Scan ? Why needed, Strategies?

Steeler

I administer a fairly new installation of SAV 9 on ~7000 XP computers in over 100 locations, using SEC 4

I have on-going complaints about full system scan causing computers to be unusable, during the scan.

Sophos support admits it's a resource hog.

I tried scheduling it for different times, days etc. but there's always somebody who needs their computer at that time.

Management is questioning why the Full Scan is even needed.

Sophos Support tells me it's necessary because the on-acess methods do not check all file types, and if they were configured to do so there would be performance issues.

How are others handling this challenge? Should I make a case that we must mandate it?

:3935


This thread was automatically locked due to age.
Parents
  • 0

    I am not going to say we have the best strategy for this but here is what I do.

    I have all computers set to do a full scan at 1AM. We have some machines used 24x7 but they don't complain too much as those machines are not used really heavy at that time. The problem is that not everyone leaves their computer on all the time. So these machines don't get full scans all the time. However if a threat is ever detected on a machine I move them into another folder that I have for infected machines. Then they get 4 full scans a day during business hours. Sure they complain but when management comes to me I show them that the machine is infected and it is being cleaned. Until I am confident that the threat is gone they stay in that group. After a day or two has gone by where they are shown clean they get moved back into a normal group. It seems to have the added benefit that people really don't like getting put in that group as word has spread so people seem to be more careful about what they download and run on their computers. 

    I don't know what your work environment is like but you can always split out your workstations into different groups. Each group can have a different policy as for when full scans take place. This may help split things out for you a little.

    :3949
Reply
  • 0

    I am not going to say we have the best strategy for this but here is what I do.

    I have all computers set to do a full scan at 1AM. We have some machines used 24x7 but they don't complain too much as those machines are not used really heavy at that time. The problem is that not everyone leaves their computer on all the time. So these machines don't get full scans all the time. However if a threat is ever detected on a machine I move them into another folder that I have for infected machines. Then they get 4 full scans a day during business hours. Sure they complain but when management comes to me I show them that the machine is infected and it is being cleaned. Until I am confident that the threat is gone they stay in that group. After a day or two has gone by where they are shown clean they get moved back into a normal group. It seems to have the added benefit that people really don't like getting put in that group as word has spread so people seem to be more careful about what they download and run on their computers. 

    I don't know what your work environment is like but you can always split out your workstations into different groups. Each group can have a different policy as for when full scans take place. This may help split things out for you a little.

    :3949
Children
No Data