Windows Thread: Sophos Does It Again !! (in Technical)
  1. #16

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,069 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    The clients AV should do that.
    Some AV software on clients don't scan mapped drives...
    One of them was Trend's Officescan a few years back, this of course may be different now.

  2. #17
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: Sophos Does It Again !!

    The debate re: on-access for servers on/off seems to boil down to just how confident you are with your infrastructure and how you lock down access.

    If you have a rather loose network with stuff like teachers' laptops that may or may not be up to date or using some other AV scanning then you'd probably want it on (and I can hear people ready to jump and say BUT..., so let me finish)

    ... or you can have a very structured setup where anything you don't control or have tied down with AUPs (enforced ones, etc.) is locked out. Then you can afford to loosen the internal security a little... although in fairness I think even then I'd go for still retaining on-access for write processes.

    That about sum things up?

  3. #18

    Join Date
    Feb 2007
    Location
    Leicestershire
    Posts
    271
    Thank Post
    1
    Thanked 5 Times in 5 Posts
    Rep Power
    27

    Re: Sophos Does It Again !!

    I went to an arc distribution day the other week (karting was involved so I thought why not). Anyway, they had a bloke from Kaspersky, and they showed some "independent reviews" of AV products, based on % of viral/spyware caught. Kaspersky was first, then Nod32 and then Sophos, then loads more with Symantec at the bottom (no surprise there!!). Anyway, we have Sophos on about 30 networks with about 1500 clients in total (mainly primary schools and on-access turned off as suggested by Sophos).

    We've never really had any problems. But I want to try some alternatives to see if they're any better. I use Nod32 at home, but not sure what their networked versions are like. Anyone have any views on Kaspersky?

    On a side note, if you do go against recommended advice from the makers of the AV, you are asking for trouble, else they wouldn't have recommended it!

  4. #19
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75

    Re: Sophos Does It Again !!

    Odd, I've found Nod32 to be an excellent lightweight client; it makes Symantec look laughable and their support has always been excellent when I've talked to them. The only downside is that it does take some expertise to configure compared to other packages, but that's OK when you have a well managed network.

  5. #20
    KarlGoddard's Avatar
    Join Date
    Jul 2005
    Location
    Bolton, Lancashire
    Posts
    272
    Thank Post
    37
    Thanked 18 Times in 18 Posts
    Rep Power
    25

    Re: Sophos Does It Again !!

    Quote Originally Posted by Dos_Box
    Yes, but your server containing tens of thousands of users files should not be scanning all of them every time a request for access occurs. The clients AV should do that.
    Agree 100% here

    If the clients have on-access scanning - which they should have - what's the point of having on-access scanning on the server where the user areas are located too? You're scanning them twice!

    I have daily scans on the servers, and on-access on the clients. With 2000+ users, 600 PCs and 20 or so servers we've never had a serious problem yet. Then again I would say that as I'm the Sophos guy at the school

    Sophos is far from perfect - I have to manually delve into the SQL database sometimes to remove 'errors and warnings' but that's another story - but if it's set up right and if you spend some time getting the exclusions right on the servers it works!

    But don't have on access turned on on your file servers - or you'll have major performance issues!

  6. #21

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,069 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    what's the point of having on access scanning on the server where the user areas are located too? You're scanning them twice!
    The point is that the client's AV may be either out of date, not working properly, not even installed possibly.
    At least with on access scanning on the server you have a double layer of protection.
    In an ideal world and if possible, I would have a different AV product altogether on the server / client, just as it has been reported in the past that some AV products pick up on stuff and others miss....
    Problem is that would be a bit of a nightmare to configure and manage...

    i have to manually delve into the sql database sometimes to remove 'errors and warnings'
    Hmmm, yes I have noticed on our server there are warnings and errors that won't allow you to clear them. Having to manually dive into the database in my opinion to clear them is quite an amazing 'feature' and does not really give me the confidence that whatever the console reports is actually true !! If there are problems with removing entries then what else is wrong ? I dread to think....
    As usual - my opinion blah blah blah

  7. #22
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,269
    Thank Post
    683
    Thanked 283 Times in 204 Posts
    Rep Power
    106

    Re: Sophos Does It Again !!

    I got fed up with Sophos, it's a real resource hog. It made most of the laptops unusable. It's a shame, the support I got was pretty good.

    Nod 32 is working like a charm so far. 8O

  8. #23

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124

    Re: Sophos Does It Again !!

    Quote Originally Posted by Dos_Box
    Not really, it is industry practice to turn off on-access type scanning on the servers. After all, most servers simply contain inert content and a single daily scan will see these off. The clients SHOULD be running on-access (but with remote file checking switched off) as it is the client which will be opening the files locally.
    Not in the industry I work in!!

    Not sure what kind of servers you run, but all of ours have pretty volatile content - particularly the ones which students save their files on.

    We have all machines scanning local files - that way a file (eg) copied in from a USB stick, downloaded from the web or email gets scanned on the machine where it's being created. A file being created on a network drive is scanned on the server's local hard drive - minimising network traffic but giving a reasonable level of security.

  9. #24

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,157
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124

    Re: Sophos Does It Again !!

    Quote Originally Posted by mattx
    Another nail in Sophos Coffin - my server just alerted me to a load of events in the system event log which just maxed out the CPU for 15 mins with a load of these logged:

    The on access driver failed to check file \Device\Harddiskdmvolumes\physicaldmvolumes\Blockv o

    A wad of entries which have caused my backup to fail and other scheduled scripts - anyone got any ideas ?
    Have you looked at the actual file(s) it's failing to scan?

    The only time we get errors like this is when someone sticks something like an ISO image in a folder which gets scanned or a huge zip file (eg the backup of our student SQL database is about 800Mb; in order to scan it, it has to be extracted which generates a file of about 8GB - that takes too much time so the scanner fails to check it)

    Another possibility is that the file was in use while the scan took place - for example, if you have a backup process running then as it opens each file to back it up the virus scanner will try to scan the file. If that file can't be scanned because it's open by a user then you'll get the error shown (and you may also find that the backup fails - depends on how it deals with open files).

    The last thing I can think of is permissions; if somehow the permissions have been changed on a file so that the account which Sophos uses can't read it then it will fail to scan it.

    When you checked the files which failed to scan, did any of these seem like possible options?
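
An added example, not part of the original post: a small Python triage helper that checks a file against the causes listed above (oversized image or archive, file held open, unreadable by the scanning account). The thresholds and the function name `triage` are assumptions for illustration; run it as the account the scanner uses so the permission check is meaningful.

```python
import os
import zipfile

# Assumed thresholds for illustration; tune to the scanner's real limits.
MAX_SIZE = 500 * 1024**2        # flag single files above 500 MB
MAX_EXPANDED = 2 * 1024**3      # flag archives that unpack to more than 2 GB
IMAGE_EXTS = {".iso", ".img"}

def triage(path, max_size=MAX_SIZE, max_expanded=MAX_EXPANDED):
    """Return a list of likely reasons an on-access scan of `path` failed."""
    reasons = []
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as fh:
            fh.read(1)
    except FileNotFoundError:
        return ["missing: file not found"]
    except PermissionError as exc:
        # On Windows, winerror 32 is a sharing violation (file held open).
        if getattr(exc, "winerror", None) == 32:
            return ["in use: another process holds the file open"]
        return ["permissions: this account cannot read the file"]
    ext = os.path.splitext(path)[1].lower()
    if ext in IMAGE_EXTS or size > max_size:
        reasons.append(f"large: {size} bytes on disk")
    if zipfile.is_zipfile(path):
        # Read declared sizes from the central directory; nothing is extracted.
        with zipfile.ZipFile(path) as zf:
            expanded = sum(info.file_size for info in zf.infolist())
        if expanded > max_expanded:
            ratio = expanded // max(size, 1)
            reasons.append(f"archive: unpacks to {expanded} bytes ({ratio}x)")
    return reasons

if __name__ == "__main__":
    import tempfile
    # Constructed sample: 20 MB of zeros compresses to a few KB.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "backup.zip")
        with zipfile.ZipFile(p, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("db.bak", b"\0" * (20 * 1024**2))
        print(triage(p, max_expanded=10 * 1024**2))
```

An empty list means none of these causes applies to that file, which narrows the problem to the scanner itself.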

  10. #25

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,069 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    Thanks for the advice Steve, I checked the sav.txt log [ which is now with Sophos as I am determined they tell me what caused this problem ] - nothing strange was happening on the server that it shouldn't have.
    I thought about the backup too as I have a backup taking place around 11pm but the log did not show anything pointing towards this.
    There are no large files [ .ISO, .IMG etc ] and the database that it does scan I stop SQL server an hour before the backup and Daily Scan.

    When I get something back from Sophos [ which is credible ] I'll let you know.

  11. #26

    Join Date
    Oct 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We recently chose Sophos because most of the alternatives are poor. I use Nod32 at home because it's lightweight and fast, and I did try the business solution but its management tools are useless and outdated.

    F-Secure, Symantec, McAfee are all too heavyweight and useless. Pretty much everything else is either the same or designed for small businesses.

    Sophos Support have been excellent, which was the main reason I went with them. I have actually been to their HQ and seen their resources, which are very good.

    Primarily I went with them because their management tools are the best. It was the only software where I could easily manage 680 machines, and monitor everything they are up to.

    On the same note: Disabling On Access on servers makes perfect sense as large runs with backups, and mass user requests are very intensive. I believe the recommendation is primarily for file servers for obvious reasons. If it's a large concern though, the best solution is to have hardware AV between the servers and the users.

  12. #27

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57
    I moved from Symantec 10.2 to Endpoint 11 over the 6 weeks. I must admit it is actually not bad. It has stopped quite a few little things from spreading across to other clients from visitors' USB drives. I haven't even configured anything and the IDEs get updated fine, the client's AV all seems to be working OK, and more or less right out the box. I have only had to deploy the client app to the clients. Overall I am quite impressed. The reporting is pretty good too, with easy to read results and also nicely laid out. It does require ISS to be installed though, but I think it's worth the upgrade.

    Seems to be quite resource friendly as well.

  13. #28
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    Apparently a big update to the client engine went out a few days ago (~60meg) - anyone else having "issues" with this being deployed to their clients via autoupdate?

    I am told there will be a similar sized engine update for the firewall component too. Happy days

  14. #29
    lukang's Avatar
    Join Date
    Jun 2009
    Location
    nonya
    Posts
    16
    Thank Post
    0
    Thanked 4 Times in 2 Posts
    Blog Entries
    1
    Rep Power
    11
    Well if everyone knew as much as you then they could use any software solution huh?

    The biggest issue with Sophos is many people don't read the documentation or don't understand what they are reading, like RMS and the requirements to deploy the AV. Nor do they understand the terms such as Do Nothing / Do Nothing in the AV cleanup settings. Do nothing actually does quarantine what it finds and it allows the end user to safely take action against a virus.

  15. #30
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30
    Quote Originally Posted by lukang
    Well if everyone knew as much as you then they could use any software solution huh?
    I beg your pardon? I know full well what I'm doing with Sophos, thank you very much. We don't have any problems with it (granted, except the minor one above a few weeks back) and it has protected us from all the nasties that have cropped up in recent years such as Conficker etc.


