From the central Enterprise Console you can run a full system scan of individual endpoint computers or an entire group of computers.
A full system scan is an immediate scan of the whole hard drive of a computer. It is useful when dealing with a small virus (or other) outbreak on your network. For a major outbreak, see Enterprise Console: removing viruses over a network.
This article explains what our definition of a full scan is and how to run a scan centrally. For instructions on running a full scan locally see article 61665 instead.
Applies to the following Sophos product(s) and version(s)
What is a 'full scan'?
The settings used for a full system scan are dictated by which group Anti-Virus and HIPS policies apply. The following Anti-Virus and HIPS settings are used:
- On-demand exclusions
- On-demand extensions
- All other default Scheduled scanning options.
How do I run a scan?
- Open the console.
- Either right-click a computer group or a single computer object.
- From the menu, select 'Full System Scan'. Example:
A prompt will appear explaining when the instruction to scan will be ignored by the endpoint computer:
- Click 'OK' to run the scan on the computer(s). If you are a 'Sophos Administrator' you will be able to see the scan running from the local program:
As an administrator, you can click 'here' (see screenshot above) to see the scan running. You can also cancel the scan from here (you cannot cancel the scan from the console):
- When the scan has finished check the date and time is recent to indicate the scan has fully completed on the 'Anti-Virus Details' tab. Example:
You can now clean up detected items - see article 112129 for more information if.
If the scan was cancelled locally you will see an error on the 'Alert and Error Details' tab:
And in the Computer Details for that computer:
See article 112014 for more information on aborted scans.
What happens if I choose to run a scan and the target computer is switched off?
When you select to perform an action (any action) in the console this is sent from the Enterrpise Console to the endpoint computer by the Remote Management System (RMS) in the form of a .msg file.
If the computer is switched off, or your management server cannot connect to the endpoint computer immediately to communicate the request to scan a .msg file will be stored on the server in the Envelopes for later transmission. For more details about the Envelopes folder see article 63588.