Sophos® Endpoint Security and Control Version 10.3 Settings for Windows File Archiver

Sophos® Endpoint Security and Control Version 10.3 can be configured on computers that have the Windows File Archiver agent installed. It scans the processes that are running on the servers. By default, these processes are scanned in real time for known viruses as the files are processed for archiving. The "Scanning Phase" of archiving repeatedly triggers the antivirus scanning process, which is very resource intensive.

However, Sophos Endpoint Security can be configured to avoid scanning the archived files.

Follow the steps given below to configure the security system to avoid scanning of archived files:

Prerequisite

Before you begin, ensure that the following are enabled:

  • On Access Scanning

  • Right-click Scanning

  • Full Scan

  1. On the taskbar, right-click the Sophos Antivirus icon and click Open Sophos Endpoint Security and Control.

  2. In the Sophos Endpoint Security and Control dialog box, click Configure anti-virus and HIPS.

  3. Under the Configure section, click On-Access Scanning.

  4. On the Options tab, clear the Scan inside archive files checkbox.

  5. Click OK.

  6. In the Sophos Endpoint Security and Control dialog box, click Web Protection.

  7. In the Web Protection dialog box:

    • In the Block Access to malicious websites list, click On.

    • In the Download Scanning list, click As on-access scanning.

    • Click OK.

  8. In the Sophos Endpoint Security and Control dialog box, click Authorization.

    • In the Authorization Manager dialog box, click the Suspicious Behavior tab.

    • On the Suspicious Behavior tab, include CLBackup.exe in the Authorized Applications box.

    • Click OK.

Configuring Windows Registry

  1. Start the Registry Editor on the computer where the file archiver agent is installed.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters\.

  3. Right-click Parameters, point to New, and click String Value.

  4. In the Value Name box type ExcludeProcessX.

    Where X is the next consecutive number in the list (i.e. ExcludeProcess1, ExcludeProcess2, etc.) for any process that should not initiate recalls.

    All ExcludeProcess names must be truncated to a maximum of 15 characters, or the Windows OS kernel mode will not process the exclusion properly. The exclusion would then be ignored, resulting in unexpected recalls and other unexplained stub activity.

    For example:

    • BackgroundScanC (Truncated from BackgroundScanClient.exe to meet 15 character limit)

    • SAVCleanupServi (Truncated from SAVCleanupService.exe to meet 15 character limit)

    • SavadminService (Truncated from SavadminService.exe to meet 15 character limit)

      Note

      Ensure that, in addition to the registry values for environment-specific executables, ExcludeProcess values are also created with each of the following as its value:

      ALMon.exe

      ALsvc.exe

      BackgroundScanC

      native.exe

      sav32cli.exe

      SAVCleanupServi

      SavMain.exe

      SavProgress.exe

      sdcdevcon.exe

      sdcservice.exe

      WSCClient.exe

      SavService.exe

      SavadminService

  5. Restart the Commvault services for the registry changes to take effect.

  6. In a cluster setup, repeat all of the above steps on every physical machine.
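
The registry steps above can be scripted. The following PowerShell is an added example, not Commvault or Sophos code: it assumes it is saved as a script file and run from an elevated prompt, and the parameter name `Process` is hypothetical. It warns about existing ExcludeProcess values longer than 15 characters and adds any missing names from the Note under the next consecutive numbers.

```powershell
# Added example (not Commvault or Sophos code). Save as a .ps1 file and run elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Full executable names behind the Note on this page; append environment-specific ones.
    [string[]]$Process = @(
        'ALMon.exe', 'ALsvc.exe', 'BackgroundScanClient.exe', 'native.exe',
        'sav32cli.exe', 'SAVCleanupService.exe', 'SavMain.exe', 'SavProgress.exe',
        'sdcdevcon.exe', 'sdcservice.exe', 'WSCClient.exe', 'SavService.exe',
        'SavadminService.exe')
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters'
$max = 15   # values longer than this are ignored, per the page

# Collect the ExcludeProcessN values that already exist.
$existing = @{}
$regKey = Get-Item -Path $key -ErrorAction Stop
foreach ($name in $regKey.GetValueNames()) {
    if ($name -match '^ExcludeProcess\d+$') {
        $existing[$name] = [string]$regKey.GetValue($name)
    }
}

# Flag entries that break the 15-character rule; they need manual correction.
foreach ($entry in $existing.GetEnumerator()) {
    if ($entry.Value.Length -gt $max) {
        Write-Warning "$($entry.Key) = '$($entry.Value)' is longer than $max characters"
    }
}

# Next consecutive number after the highest one in use (1 if none exist).
$next = 1
$numbers = @($existing.Keys | ForEach-Object { [int]($_ -replace '\D') })
if ($numbers.Count -gt 0) {
    $next = [int](($numbers | Measure-Object -Maximum).Maximum) + 1
}

foreach ($name in $Process) {
    # Truncate the full file name, extension included, to 15 characters.
    $value = if ($name.Length -gt $max) { $name.Substring(0, $max) } else { $name }
    if ($existing.Values -contains $value) { continue }   # already excluded
    $valueName = "ExcludeProcess$next"
    if ($PSCmdlet.ShouldProcess($key, "Add $valueName = $value")) {
        New-ItemProperty -Path $key -Name $valueName -Value $value -PropertyType String |
            Out-Null
    }
    $existing[$valueName] = $value
    $next++
}
```

Run it with `-WhatIf` first to list the values it would create, then restart the Commvault services as in step 5.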
