+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 32
Windows Thread, Sophos Does It Again !! in Technical; Another nail in Sophos Coffin - my server just alerted me to a load of events in the system event ...
  1. #1

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Sophos Does It Again !!

    Another nail in Sophos Coffin - my server just alerted me to a load of events in the system event log which just maxed out the CPU for 15 mins with a load of these logged:

    The on access driver failed to check file \Device\Harddiskdmvolumes\physicaldmvolumes\Blockv o

    A wad of entries which have caused my backup to fail and other scheduled scripts - anyone got any ideas ?

  2. #2

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303

    Re: Sophos Does It Again !!

    Rule one of the Sophos Recomendatsions - disable the On-Access scanner on Servers.

  3. #3

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    Quote Originally Posted by john
    Rule one of the Sophos Recomendatsions - disable the On-Access scanner on Servers.
    Heh - not much point in having it installed then !!
    If that is what they come back with [ after my E-mail I have just sent, then I think I'll ask for my money back ]

  4. #4
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,093
    Thank Post
    457
    Thanked 150 Times in 95 Posts
    Rep Power
    71

    Re: Sophos Does It Again !!

    go Sophos go Sophos its ya birthday and ya know ya hopeless muhahahahaha may i rocomend a diffrent antivirus that works and dose not destroy slow you pc, servers and give you the biggest headake ever??? let me introduce you to your new friend. its a 3 letter word with 2 numbers. let the games of hang man begin

  5. #5

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303

    Re: Sophos Does It Again !!

    Nah nod32 aint that brill either, Trend Micro for me

    As for Sophos, I am being serious, you are supposed to turn off the On-Access scanner on all servers to ensure no performance reduction and ensure that you have daily scheduled full scans in quiet time to scan for bugs.

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,172
    Thank Post
    868
    Thanked 2,699 Times in 2,288 Posts
    Blog Entries
    11
    Rep Power
    772

    Re: Sophos Does It Again !!

    We use CA eTrust which seems to do alright for performance and stability. One of the places I did some work for had NOD32 and it was a nasty bit of work, they released three seporate updated that killed the Exchange information store. Twice it damaged the information store to the point that it needed to be restored from backups. It only had automatic updates on as the tech before me had it setup that way and they did not want me to change it.

  7. #7
    limbo's Avatar
    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    460
    Thank Post
    2
    Thanked 41 Times in 36 Posts
    Rep Power
    25

    Re: Sophos Does It Again !!

    Quote Originally Posted by John
    As for Sophos, I am being serious, you are supposed to turn off the On-Access scanner on all servers to ensure no performance reduction and ensure that you have daily scheduled full scans in quiet time to scan for bugs.
    I have found the best compromise is to leave the on access scan installed but set it to on write only. This does not slow down the back ups (with it enabled the time taken almost doubles) and as a big chunk of server activity is reading files (particularly on the application and web servers) then it has a lot less impact.

  8. #8

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833

    Re: Sophos Does It Again !!

    We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.

  9. #9
    limbo's Avatar
    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    460
    Thank Post
    2
    Thanked 41 Times in 36 Posts
    Rep Power
    25

    Re: Sophos Does It Again !!

    Quote Originally Posted by localzuk
    all clients have on access scanning
    I know what you are saying - but I just do not have enough confidence in Sophos that there is not a machine out there where the local software is not working properly!

  10. #10
    e_g_r's Avatar
    Join Date
    Sep 2005
    Location
    Rochdale
    Posts
    460
    Thank Post
    51
    Thanked 26 Times in 17 Posts
    Rep Power
    24

    Re: Sophos Does It Again !!

    I've got a sophos engineer comeing in beacuse i had to download the rootkit tool and a kind pr guy phoned to see how it went. I told him we had lost confidence in the product so now their sending an engineer to site to have a good look at whats happening.

    On the plus side we had a brand new virus and sophos tech support were excellent. Nod32 couldn't deal with it and their telephone support isn't upto much.

  11. #11

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    Quote Originally Posted by localzuk
    We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.
    I understand what you are saying but what if Sophos is not running on the client ? At least with both running you get a fall back on a file being checked somewhere.....
    Windows Server 2003 has been out now long enough for them to get their product running properly on it.
    I have to be careful what I say about Sophos on here though.....

    I told him we had lost confidence in the product so now their sending an engineer to site to have a good look at whats happening.
    Good lord, I would not let a Sophos Engineer near a video recorder let alone a live server.....If it has got to a point in which a VERY LARGE software vendor is sending an engineer to a user / business / school or whatever, - it does not really send a message of trust to that particular vendor when its supposed to be a critical security app !! My opinion blah blah blah

  12. #12

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,395
    Thank Post
    601
    Thanked 2,171 Times in 994 Posts
    Blog Entries
    23
    Rep Power
    630

    Re: Sophos Does It Again !!

    Not really, it is industry practice to turn off on-access type scanning on the servers. Afterall, most servers simply contain inert content and a single daily scan will see these off. The clients SHOULD be running on-access (but with remote file checking switched off) as it is the client which will be opeing the files locally.

  13. #13

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740

    Re: Sophos Does It Again !!

    it is industry practice to turn off on-access type scanning on the servers.
    Well it wasn't in my last job and I was responsible for rolling out an AV solution on 3 citrix farms, a few thousand clients and a stack of file servers. If a client had an out of date sig or a problem with the av product at least the on-access scanning on the server may pick it up.
    I suppose it depends on how business critical the industries data is and what their policies are - its something I would never consider though - no matter how large or small the industry was.

  14. #14

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,395
    Thank Post
    601
    Thanked 2,171 Times in 994 Posts
    Blog Entries
    23
    Rep Power
    630

    Re: Sophos Does It Again !!

    Yes, but your server containing tens of thousands of users files should not be scanning all of them every time a request for access occurs. The clients AV should do that.

  15. #15
    e_g_r's Avatar
    Join Date
    Sep 2005
    Location
    Rochdale
    Posts
    460
    Thank Post
    51
    Thanked 26 Times in 17 Posts
    Rep Power
    24

    Re: Sophos Does It Again !!

    Quote Originally Posted by mattx
    Quote Originally Posted by localzuk
    We have it only set to do daily scans on servers here - anything more is, IMO, overkill, as all clients have on access scanning - so the only way of things getting onto the server would be via one of these.
    I understand what you are saying but what if Sophos is not running on the client ? At least with both running you get a fall back on a file being checked somewhere.....
    Windows Server 2003 has been out now long enough for them to get their product running properly on it.
    I have to be careful what I say about Sophos on here though.....

    I told him we had lost confidence in the product so now their sending an engineer to site to have a good look at whats happening.
    Good lord, I would not let a Sophos Engineer near a video recorder let alone a live server.....If it has got to a point in which a VERY LARGE software vendor is sending an engineer to a user / business / school or whatever, - it does not really send a message of trust to that particular vendor when its supposed to be a critical security app !! My opinion blah blah blah
    I beleive its called customer service and is one of the tools that any business be it large or small can use to guage customer satisfaction etc..

    They may also tell me that i (go forbid) have made an error with my setup and that is why i am not satisfied. After all were only human and can make mistakes without realising it.

    I'm far more happy to receive this kind of help from a vendor who can supply it. Bet Nod can't provide that service if you were totaly stuck with their product (or many of the other vendors)

    Like someone said on another post its not black and white.

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Sophos V6 and EM 2 are out! What ya think?
    By ZeroHour in forum Windows
    Replies: 24
    Last Post: 15th September 2006, 09:59 PM
  2. Sophos EM
    By in forum Windows
    Replies: 5
    Last Post: 8th August 2006, 09:40 PM
  3. Sophos
    By andy in forum Mac
    Replies: 2
    Last Post: 13th February 2006, 04:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •