Windows Thread, Sophos Does It Again !! in Technical
-
25th October 2007, 10:35 PM #1 Sophos Does It Again !!
Another nail in Sophos Coffin - my server just alerted me to a load of events in the system event log which just maxed out the CPU for 15 mins with a load of these logged:
The on access driver failed to check file \Device\Harddiskdmvolumes\physicaldmvolumes\Blockv o
A wad of entries which have caused my backup to fail and other scheduled scripts - anyone got any ideas ?
-
-
25th October 2007, 10:53 PM #2 Re: Sophos Does It Again !!
Rule one of the Sophos Recommendations - disable the On-Access scanner on Servers.
-
-
25th October 2007, 10:57 PM #3 Re: Sophos Does It Again !!

Originally Posted by john:
Rule one of the Sophos Recommendations - disable the On-Access scanner on Servers.
Heh - not much point in having it installed then !!
If that is what they come back with [ after my E-mail I have just sent, then I think I'll ask for my money back ]
-
-
25th October 2007, 11:02 PM #4 Re: Sophos Does It Again !!
Go Sophos, go Sophos, it's ya birthday and ya know ya hopeless muhahahahaha. May I recommend a different antivirus that works and does not destroy, slow your PC, servers and give you the biggest headache ever??? Let me introduce you to your new friend. It's a 3 letter word with 2 numbers. Let the games of hangman begin.
-
-
25th October 2007, 11:46 PM #5 Re: Sophos Does It Again !!
Nah, NOD32 ain't that brill either, Trend Micro for me.
As for Sophos, I am being serious, you are supposed to turn off the On-Access scanner on all servers to ensure no performance reduction and ensure that you have daily scheduled full scans in quiet time to scan for bugs.
-
-
26th October 2007, 12:48 AM #6 Re: Sophos Does It Again !!
We use CA eTrust which seems to do alright for performance and stability. One of the places I did some work for had NOD32 and it was a nasty bit of work, they released three separate updates that killed the Exchange information store. Twice it damaged the information store to the point that it needed to be restored from backups. It only had automatic updates on as the tech before me had it set up that way and they did not want me to change it.
-
-
26th October 2007, 07:52 AM #7 Re: Sophos Does It Again !!

Originally Posted by John:
As for Sophos, I am being serious, you are supposed to turn off the On-Access scanner on all servers to ensure no performance reduction and ensure that you have daily scheduled full scans in quiet time to scan for bugs.
I have found the best compromise is to leave the on access scan installed but set it to on write only. This does not slow down the back ups (with it enabled the time taken almost doubles) and as a big chunk of server activity is reading files (particularly on the application and web servers) then it has a lot less impact.
-
-
26th October 2007, 08:01 AM #8 Re: Sophos Does It Again !!
We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.
-
-
26th October 2007, 08:04 AM #9 Re: Sophos Does It Again !!

Originally Posted by localzuk:
all clients have on access scanning
I know what you are saying - but I just do not have enough confidence in Sophos that there is not a machine out there where the local software is not working properly!
-
-
26th October 2007, 08:35 AM #10 Re: Sophos Does It Again !!
I've got a Sophos engineer coming in because I had to download the rootkit tool and a kind PR guy phoned to see how it went. I told him we had lost confidence in the product so now they're sending an engineer to site to have a good look at what's happening.
On the plus side we had a brand new virus and Sophos tech support were excellent. NOD32 couldn't deal with it and their telephone support isn't up to much.
-
-
26th October 2007, 09:01 AM #11 Re: Sophos Does It Again !!

Originally Posted by localzuk:
We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.
I understand what you are saying but what if Sophos is not running on the client ? At least with both running you get a fall back on a file being checked somewhere.....
Windows Server 2003 has been out now long enough for them to get their product running properly on it.
I have to be careful what I say about Sophos on here though.....
I told him we had lost confidence in the product so now they're sending an engineer to site to have a good look at what's happening.
Good lord, I would not let a Sophos Engineer near a video recorder let alone a live server.....If it has got to a point in which a VERY LARGE software vendor is sending an engineer to a user / business / school or whatever, - it does not really send a message of trust to that particular vendor when it's supposed to be a critical security app !! My opinion blah blah blah
-
-
26th October 2007, 09:05 AM #12 Re: Sophos Does It Again !!
Not really, it is industry practice to turn off on-access type scanning on the servers. After all, most servers simply contain inert content and a single daily scan will see these off. The clients SHOULD be running on-access (but with remote file checking switched off) as it is the client which will be opening the files locally.
-
-
26th October 2007, 09:09 AM #13 Re: Sophos Does It Again !!
it is industry practice to turn off on-access type scanning on the servers.
Well it wasn't in my last job and I was responsible for rolling out an AV solution on 3 Citrix farms, a few thousand clients and a stack of file servers. If a client had an out of date sig or a problem with the AV product at least the on-access scanning on the server may pick it up.
I suppose it depends on how business critical the industry's data is and what their policies are - it's something I would never consider though - no matter how large or small the industry was.
-
-
26th October 2007, 09:16 AM #14 Re: Sophos Does It Again !!
Yes, but your server containing tens of thousands of users' files should not be scanning all of them every time a request for access occurs. The client's AV should do that.
-
-
26th October 2007, 09:26 AM #15 Re: Sophos Does It Again !!

Originally Posted by
mattx 
Originally Posted by
localzuk We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.
I understand what you are saying but what if Sophos is not running on the client ? At least with both running you get a fall back on a file being checked somewhere.....
Windows Server 2003 has been out now long enough for them to get their product running properly on it.
I have to be careful what I say about Sophos on here though.....
I told him we had lost confidence in the product so now their sending an engineer to site to have a good look at whats happening.
Good lord, I would not let a Sophos Engineer near a video recorder let alone a live server.....If it has got to a point in which a
VERY LARGE software vendor is sending an engineer to a user / business / school or whatever, - it does not really send a message of trust to that particular vendor when its supposed to be a critical security app !! My opinion blah blah blah
I beleive its called customer service
and is one of the tools that any business be it large or small can use to guage customer satisfaction etc..
They may also tell me that i (go forbid) have made an error with my setup and that is why i am not satisfied. After all were only human and can make mistakes without realising it.
I'm far more happy to receive this kind of help from a vendor who can supply it. Bet Nod can't provide that service if you were totaly stuck with their product (or many of the other vendors)
Like someone said on another post its not black and white.