How to run the Source of Infection tool on Windows startup

  • N.º del artículo: 118811
  • Actualizado: 18 jul 2013

This guide shows you how to run the Source of Infection tool on at boot-up time before you have performed a log on to Windows, useful for cases where a detection returns following clean-up. This assumes you have already read article 111505 regarding the use of the tool.

Known to apply to the following Sophos product(s) and version(s)

Source of Infection

Operating systems
Windows Vista,
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Server 2011

What To Do

Note: The example bellow will log all files written to the hard drive and will therefore result in log files that rapidly increasing in file size. If the location or file name is the same for each detection, then an additional trigger should be added to the command line arguments as discussed in 111505.

Install the SOI drrivers

  1. Delete the following files if they exist:
    • %temp%\Source of Infection Log.csv
    • %temp%\Source of Infection Trace.txt
  2. Download the SourceOfInfection.exe tool from our website:
  3. Copy the SourceOfInfection.exe to the root of your C drive
  4. Open a command prompt window, click Start goto Run (Windows + R), type: CMD followed by Enter.
  5. Type: CD C:\ followed by Enter to change to the root of the C drive.
  6. Type: SourceOfInfection.exe -id followed by Enter to install the SOI drivers.
  7. Close the command prompt.

Create a scheduled task

  1. Click: Start | All Programs | Accessories | System Tools | Task Scheduler
  2. Click: Create Task...
  3. Make the following changes under each tab
    • The General tab:
      • Name: SOI Task
      • Change Use or Group: Set this to an administrator account
      • Select: Run whether user is logged on or not
      • Tick: Run with highest privileges
    • The Triggers tab
      • Create a new trigger of on startup
    • The Action tab
      • Create a new action
      • Action Start a program
      • "Program/script: C:\SourceOfInfection.exe
      • Arguments: -ro
  4. Click OK to save the policy.
  5. Input the administrator password when requested.

To start logging

  1. Clean the current detections from system in the Sophos Anti-Virus quarantine.
  2. Restart the computer.

Two logs will be generated in the default location (%temp%

  • %temp%\Source of Infection Log.csv
  • %temp%\Source of Infection Trace.txt

Once this information has been gathered, logging can be disabled by deleting the scheduled task and rebooting the machine.

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios