
Secure Restore / Sophos Endpoint Agent



Hello guys,

I'm trying to use Secure Restore with Sophos Endpoint Agent.
It is not an antivirus implemented by default in the configuration files, so I tried to edit AntivirusInfos.xml, but for the moment I get the following error message:


Here is the part I added:
<AntivirusInfo Name='SOPHOS Endpoint Agent' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe' CommandLineParameters='scan %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='' IsParallelScanAvailable='false'>
    <ExitCodes>
        <ExitCode Type='Success' Description='Command executed successfully'>0</ExitCode>
        <ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
        <ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
    </ExitCodes>
</AntivirusInfo>

Has anyone already implemented Sophos Endpoint Agent with Veeam?
I'll continue my tests :)


Best answer by MicoolPaul 12 April 2023, 11:32


Hi @Stabz 

 

I used to use this a few years ago and this post was helpful:

https://forums.veeam.com/veeam-backup-replication-f2/secure-restore-malware-scanning-with-sophos-t67511.html

 

Though I see you’re using the InterceptXCLI the rest should hopefully match up 😁

Hey @MicoolPaul, thanks! Yes, I was looking at this example as support.

I changed IsPortableSoftware to true and now Veeam detects my antivirus.

But the scan is pretty fast, I'm not sure what it is doing 😂. I'll try with the same settings from the forum post.


 

Unfortunately the antivirus is detected but for me nothing is scanned, it’s too fast.
 

I changed the setting to use Windows Defender; the scan took almost 1 hour.

Difference with Sophos

I tried different parameters, with and without a backslash after the %Path%, but always got the same result. I'll try to open a support case :)

Hey, a quick update:

Unfortunately, Sophos is not one of the officially supported AV solutions. And Veeam support does not provide support for the configuration of this product.

Think you’ll need support from Sophos as to how their CLI works to ensure it’s being used correctly 🙂

For us, the solution was to remove the exclusion for C:\VeeamFLR\. We added this exclusion because of the Veeam KB (https://www.veeam.com/kb1999). But the CLI scanner from Sophos also does not scan any exclusion configured in Sophos Central.

As soon as we removed that exclusion, the scan started to work properly.

 

AntivirusInfos.xml:

<Antiviruses>
    <AntivirusInfo Name='Sophos Intercept X' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe' CommandLineParameters='scan %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='[dD]etections(: )*[1-9][0-9]*' IsParallelScanAvailable='false'>
        <ExitCodes>
            <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
            <ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
            <ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
        </ExitCodes>
    </AntivirusInfo>
</Antiviruses>

 

I found no way to edit my last post. There was a small mistake in the XML above (“--noui” is missing as a parameter).

 

The correct, working, xml:

<Antiviruses>
    <AntivirusInfo Name='Sophos Intercept X' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe' CommandLineParameters='scan --noui %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='[dD]etections(: )*[1-9][0-9]*' IsParallelScanAvailable='false'>
        <ExitCodes>
            <ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
            <ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
            <ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
        </ExitCodes>
    </AntivirusInfo>
</Antiviruses>
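
The thread's failure modes (an entry with no way to signal a detection, a missing --noui, and a scan path covered by an AV exclusion) can be checked before trusting a "clean" Secure Restore result. The following is an added example, not code from the thread, Veeam or Sophos; the sample scanner output lines, the mount path under C:\VeeamFLR, and the assumption that ThreatExistsRegEx is searched anywhere in the scanner output are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# The working entry from the thread, copied verbatim.
WORKING = r"""<AntivirusInfo Name='Sophos Intercept X' IsPortableSoftware='true' ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe' CommandLineParameters='scan --noui %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='[dD]etections(: )*[1-9][0-9]*' IsParallelScanAvailable='false'>
<ExitCodes>
<ExitCode Type='Success' Description='No threats detected'>0</ExitCode>
<ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
<ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
</ExitCodes>
</AntivirusInfo>"""

# Constructed scanner output lines; the real CLI wording may differ.
SAMPLES = {"Detections: 0": False, "Detections: 3": True, "detections: 12": True}


def threat_detected(pattern, output):
    """Assumption: the regex is searched anywhere in the captured output."""
    return bool(pattern) and re.search(pattern, output) is not None


def review_entry(xml_text, scan_root, exclusions):
    """Return findings that would let a scan 'succeed' without checking anything."""
    info = ET.fromstring(xml_text)
    findings = []
    params = info.get("CommandLineParameters", "")
    pattern = info.get("ThreatExistsRegEx", "")
    exit_types = {e.get("Type") for e in info.iter("ExitCode")}
    if "%Path%" not in params:
        findings.append("no %Path% placeholder: nothing is passed to the scanner")
    if "--noui" not in params:
        findings.append("--noui missing from CommandLineParameters")
    # Success and Error are the only exit-code types used in the thread.
    if not pattern and exit_types <= {"Success", "Error"}:
        findings.append("no ThreatExistsRegEx and no detection exit code")
    elif pattern and any(threat_detected(pattern, o) != want for o, want in SAMPLES.items()):
        findings.append("ThreatExistsRegEx misclassifies the sample output")
    root = PureWindowsPath(scan_root.lower())  # Windows paths are case-insensitive
    for excl in exclusions:
        base = PureWindowsPath(excl.lower())
        if root == base or base in root.parents:
            findings.append(f"scan path is inside AV exclusion {excl}")
    return findings


if __name__ == "__main__":
    for line in review_entry(WORKING, r"C:\VeeamFLR\vm01\Volume1", [r"C:\VeeamFLR"]):
        print("FINDING:", line)
```

Pass the exclusion list exported from the AV management console as `exclusions`; an empty result means none of the thread's three problems applies to the entry.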

 
