This article describes how to centrally enable or disable Sophos web content scanning. For details of how to do this locally, see How to locally enable or disable Sophos web content scanning.
Client computers managed with Enterprise Console.
If you do not use Enterprise Console to manage clients, go to the section below, Unmanaged client computers
Client computers managed with Enterprise Console
- Open Enterprise Console.
- Navigate to the Anti-Virus Hips policy you wish to manage and right click ‘View/Edit Policy’
- Under the web protection section select from the drop down box for ‘Download Scanning’ and change to ‘Off’.
- Then click ok twice to confirm changes and the policy will then be applied to workstations managed by this policy.
Unmanaged client computers
- Export the Sophos Anti-Virus configuration file
Use ExportConfig.exe to export your current Sophos Anti-Virus configuration as the file savconf.xml. See Enterprise Console: using ExportConfig.exe to create XML configuration files for more guidance.
- Edit the configuration file.
- Open savconf.xml in Notepad.
- In the menu bar, select 'Format' and disable 'Word Wrap'.
- Scroll down to the bottom of the file.
Just above the tag '</config>', copy and paste in the following text (options are case sensitive). Do not insert line breaks.
<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
NOTE: You can choose from the following options for the <mode> elements above:
- <mode>asOnAccess</mode> web scanning is set the same as on-access scanning. This is the default.
- <mode>on</mode> web content scanning is on/enabled.
- <mode>off</mode> web scanning is on off/disabled.
- Save the savconf.xml file.
- Place the savconf.xml file in the following location: \\Servername\SophosUpdate\CIDS\S000\SAVSCFXP\SAVXP\
Note: The S000 may vary depending on your subscription. Please check bootstrap location in the console for more details by going to View and selecting “Bootstrap locations”.
Use ConfigCID.exe to implement the changes you have made.
See Enterprise Console: using ExportConfig.exe to create XML configuration files.
Once the changes have been applied, any network computers updated or protected from the central installation will have Sophos web content scanning functionality enabled or disabled, according to your chosen configuration.