Sophos® Endpoint Security and Control Version 9 Settings for Windows File Archiver - Version 8
Sophos® Endpoint Security and Control 9 can be configured on computers
that have the Windows File Archiver 8 agent installed. It allows for scanning of
processes that are running on the servers. By default, these processes are
scanned in real time for known viruses as and when files are processed
for archiving. The "Scanning Phase" of archiving repeatedly triggers the
antivirus scanning process, which is very resource intensive.
However, Sophos Endpoint Security and Control can be configured to avoid
scanning the archived files.
All configuration settings described here should always be tested in your
CommCell Environment to confirm that they meet all Security and Threat
detection policies as well as all server, network and enterprise policies.
Follow the steps given below to configure the security system to avoid
scanning of archived files:
Prerequisite
Before you begin, ensure that the following are enabled:
On Access Scanning
Right-click Scanning
Full Scan
1. On the Task Bar, right-click the Sophos Antivirus icon and click Open Sophos Endpoint Security and Control.
2. Click Configure anti-virus and HIPS.
3. Under the Configure section, click On-Access Scanning.
4. Click the Options tab and clear the Scan inside archive files checkbox.
Click OK.
Configuring Windows Registry
Once the Sophos Endpoint Client is configured, and before any scans are run,
add the following changes to the Bull Calypso Software registry section
on the SEP Client server.
Start the Registry Editor on the computer where the file archiver agent is installed.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gxhsm\Parameters\.
Right-click Parameters, point to New and click String Value.
In the Value Name box, type ExcludeProcessX, where X is the next consecutive
number in the list (i.e. ExcludeProcess1, ExcludeProcess2, etc.), for any
process that should not initiate recalls.
All ExcludeProcess names must be truncated to a maximum of 15 characters,
or the Windows OS Kernel Mode will not process the exclusion properly.
This would result in the exclusion being ignored, unexpected recalls
occurring and other unexplained stub activities.
Ensure that, in addition to the registry entries for environment-specific
executables, ExcludeProcess entries are also created with the following
as their respective values:
ALMon.exe
ALsvc.exe
BackgroundScanC (Truncated from BackgroundScanClient.exe)
native.exe
sav32cli.exe
SAVCleanupServi (Truncated from SAVCleanupService.exe)
SavMain.exe
SavProgress.exe
sdcdevcon.exe
sdcservice.exe
WSCClient.exe
SavService.exe
SavadminService (Truncated from SavadminService.exe to meet 15 character limit)
Restart the Bull Calypso services for the registry changes to take effect.
In a cluster setup, repeat all of the above steps on all
the physical machines.
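
The registry steps above can be scripted. The following PowerShell is an added example, not part of the original Sophos or Bull Calypso documentation; it assumes an elevated session on the file archiver host and that numbering starts at 1 when no ExcludeProcess values exist yet. It takes the full executable names behind the list above, truncates each to 15 characters, skips values that are already present, and warns about existing entries that exceed the limit.

```powershell
# Added example, not vendor-supplied code. Run elevated on the file archiver host.
$key = 'HKLM:\SYSTEM\CurrentControlSet\services\gxhsm\Parameters'

# Full executable names for the list above; truncation is done by the script.
$processes = @(
    'ALMon.exe', 'ALsvc.exe', 'BackgroundScanClient.exe', 'native.exe',
    'sav32cli.exe', 'SAVCleanupService.exe', 'SavMain.exe', 'SavProgress.exe',
    'sdcdevcon.exe', 'sdcservice.exe', 'WSCClient.exe', 'SavService.exe',
    'SavadminService.exe'
)

# Read the ExcludeProcessX values already present under the key.
$item = Get-Item -Path $key -ErrorAction Stop
$existing = @{}
foreach ($name in $item.GetValueNames()) {
    if ($name -match '^ExcludeProcess(\d+)$') {
        $existing[[int]$Matches[1]] = [string]$item.GetValue($name)
    }
}

# Find the next consecutive number and flag entries that break the 15-character rule.
$next = 1   # assumption: the list starts at ExcludeProcess1
foreach ($n in $existing.Keys) {
    if ($n -ge $next) { $next = $n + 1 }
    if ($existing[$n].Length -gt 15) {
        Write-Warning "ExcludeProcess$n = '$($existing[$n])' exceeds 15 characters"
    }
}

foreach ($p in $processes) {
    # Truncate to at most 15 characters, as the exclusion list requires.
    $value = if ($p.Length -gt 15) { $p.Substring(0, 15) } else { $p }

    # Skip names that are already excluded (-contains compares case-insensitively).
    if (@($existing.Values) -contains $value) { continue }

    New-ItemProperty -Path $key -Name "ExcludeProcess$next" -Value $value `
        -PropertyType String | Out-Null
    Write-Output "Added ExcludeProcess$next = $value"
    $existing[$next] = $value
    $next++
}
```

Each exclusion is a process that can read stubs without triggering a recall, so compare the resulting value list against the approved list after every run and on each physical node of a cluster.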