Enterprise Console: configuring on-access scanning
From the Enterprise Console, you can configure on-access scanning for computers on your network so they will report and deal with virus infections. Settings are configured by group.
You can also configure on-access scanning behaviour locally on individual computers. Full details can be found in the Sophos
- in the Sophos Anti-Virus for Windows 2000+, version 5.0 and above, manual refer to the section 'Changing when on-access scanning occurs'.
- in the Sophos
Anti-Virus for Windows NT/95/98/Me, version 4.5 and above, manual refer to the section 'On-access scanning: Selecting what is scanned'.
By default, on-access scanning is installed and enabled on all computers. The default configuration for on-access scanning
- enables on-read scanning
- scans at 'Normal' level
- uses the default file extensions list
- does not either disinfect or delete files.
These settings can be changed.
Note: If you do not want on-access scanning to run on some servers (e.g. Microsoft Exchange servers), set up a group of such servers.
What to do
Editing your on-access scanning settings on Enterprise Console version 2
- In the Policies pane, double-click the Anti-virus policy that you want to edit.
- If necessary, select 'Enable on-access scanning'.
- Click 'On-access'.
- Once you have finished editing your Anti-virus policy, apply it to the appropriate groups.
The 'On-access scan settings' options are displayed in tabbed pages.
On-access scanning behavior
These options are available in the Scanning tab.
- On read
To check files when they are opened, select 'On read'. This option should be used on all workstations and most other computers. - On write
To check files when they are written to a computer, either by that computer, or by another computer, select 'On write'. This option should be used where there is any danger of something spreading across shares in the network. - On rename
Where necessary, use this in conjunction with 'On write' scanning.
Disinfecting and removing files
These options are available for selection in the Cleanup tab. No confirmation is asked for before any of these actions is taken.- Automatic disinfection
Select 'Automatic disinfection' to implement on-access disinfection of macro viruses, and boot sector viruses on floppy disks, for Windows 95/98/Me/NT/2000/XP/2003 and Mac OS X computers. This will also disinfect some executable (program) file viruses on Windows NT/2000/XP/2003 computers. For Windows 95/98/Me, use a scheduled scan to disinfect executable files.
If you regularly use on-access disinfection, you should check the logs for your computers and ensure that you are aware of any potential side-effects caused by the viruses that have been removed. - Other actions against infected files
You should usually use the 'Do nothing' option, as in some circumstances 'Remove' might delete a (multiply infected) file that could have been disinfected. These options are not available for Windows 95/98/Me.- During a worm outbreak, using 'Remove' in conjuction with 'On write' can prevent the worm spreading futher across network shares.
- If infected files are moved, they can no longer be started by the operating system. However, you can still recover them and disinfect them. Some viruses will replace any of their files that have been deleted (e.g. W32/Sober-B).
Extensions and exclusions
For information on configuring the Extensions and Exclusions tabbed pages, see the Enterprise Console user manual.
Editing your on-access scanning settings on Enterprise Console version 1
- Select the group you want to edit.
- Click 'SAV policy'.
- If necessary, select 'Enable on-access scanning'.
- Click 'On-access'.
The 'On-access scan settings' options are displayed in tabbed pages.
On-access scanning behaviour
These options are available in the Scanning tab.
- On read
To check files when they are opened, select 'On read'. This option should be used on all workstations and most other computers. - On write
To check files when they are written to a computer, either by that computer, or by another computer, select 'On write'. This option should be used where there is any danger of something spreading across shares in the network. - On rename
Where necessary, use this in conjunction with 'On write' scanning.
Disinfecting and removing files
These options are available for selection in the Disinfection tab. No confirmation is asked for before any of these actions is taken.- Automatic disinfection
Select 'Automatic disinfection' to implement on-access disinfection of macro viruses, and boot sector viruses on floppy disks, for Windows 95/98/Me/NT/2000/XP/2003 and Mac OS X computers. This will also disinfect some executable (program) file viruses on Windows NT/2000/XP/2003 computers. For Windows 95/98/Me, use a scheduled scan to disinfect executable files.
If you regularly use on-access disinfection, you should check the logs for your computers and ensure that you are aware of any potential side-effects caused by the viruses that have been removed. - Other actions against infected files
You should usually use the 'Do nothing' option, as in some circumstances 'Remove' might delete a (multiply infected) file that could have been disinfected. These options are not available for Windows 95/98/Me.- During a worm outbreak, using 'Remove' in conjuction with 'On write' can prevent the worm spreading futher across network shares.
- If infected files are moved, they can no longer be started by the operating system. However, you can still recover them and disinfect them. Some viruses will replace any of their files that have been deleted (e.g. W32/Sober-B).
Extensions and exclusions
For information on configuring the Extensions and Exclusions tabbed pages, see the Enterprise Console user manual.
If you need more information or guidance, then please contact technical support.
- Article ID: 12460
- Created: 24 Jan 2005
- Last updated: 9 Oct 2008
