I'm trying to use Secure Restore with Sophos Endpoint Agent. It is not an antivirus implemented by default in the configuration files. So I tried to edit AntivirusInfos.xml, but for the moment I get the following error message:
Here is the part added:
<AntivirusInfo Name='SOPHOS Endpoint Agent' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe' CommandLineParameters='scan %Path%' RegPath='' ServiceName='' ThreatExistsRegEx='' IsParallelScanAvailable='false'>
  <ExitCodes>
    <ExitCode Type='Success' Description='Command executed successfully'>0</ExitCode>
    <ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
    <ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
  </ExitCodes>
</AntivirusInfo>
Has anyone already implemented Sophos Endpoint Agent with Veeam? I'll continue my test :)
Hi @Stabz
I used to use this a few years ago and this post was helpful:
Though I see you’re using the InterceptXCLI, the rest should hopefully match up.
Hey @MicoolPaul thanks! Yes, I was looking at this example as support.
I changed IsPortableSoftware to true and now Veeam detects my antivirus.
But the scan is pretty fast; I'm not sure what it is doing. I'll try with the same settings from the forum post.
Unfortunately the antivirus is detected but for me nothing is scanned, it’s too fast.
I changed the setting to use Windows Defender; the scan took almost 1 hour.
Difference with Sophos
I tried with different parameters, with and without a backslash after the %Path%, but always the same result. I'll try to open a support case :)
Hey a quick update
Unfortunately, Sophos is not one of the officially supported AV solutions. And Veeam support does not provide support for the configuration of this product.
Think you’ll need support from Sophos as to how their CLI works to ensure it's being used correctly.
For us, the Solution was to remove the Exclusion for C:\VeeamFLR\. We added this Exclusion because of the Veeam KB (https://www.veeam.com/kb1999). But the CLI Scanner from Sophos also does not Scan any Exclusion configured in Sophos Central.
As soon as we removed that exclusion, the scan started to work properly.
Hi @solae, do you have a guide on how I can integrate Veeam with Sophos?
Hello All, @Stabz @solae @MicoolPaul from your experience, based on the CLI exit codes, if there is a malware that is detected, will it trigger exit code 1 or exit code 2? I managed to make it scan, but I just wanted to confirm.
Error codes
The command-line tool can return the following error codes:
Code  Description
0     Success
1     Error during command handling
2     Unexpected error during CLI setup
I created a backup with the Eicar test file. The malware is detected in Sophos Central but still it returned an exit code of 0, which is No threats detected. Is it the same for you guys?
Hey @seanrockvz13, unfortunately I didn't try again.
Probably Sophos has an ExitCode for this. Maybe you can ask Sophos Support.
I created a backup with the Eicar test file. The malware is detected in Sophos Central but still it returned an exit code of 0, which is No threats detected. Is it the same for you guys?
There is no exit code in Sophos in case of an infection. You have to parse the output of the SophosInterceptXCLI.exe.
See the example XML file posted above. It checks if “Detections” in the output is not equal to “0”.
Exit code 0 only means that there was no error running the .exe file.
Does Sophos Central get detections once scanned, or can we only check the logs for Detections?
In my recent tests, InterceptX has been configured within VEEAM 12.1 for Secure Restore.
The ExitCode 0 has to be changed to “Process was completed successfully”, which is right, because it doesn’t check for Detections.
But Veeam 12.1 (in my test) now handles Detections > 0, which results in a Warning during Restore.
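The point made in the replies above (exit code 0 only means the CLI ran, so a detection has to be matched in the scanner's output), as an added example that is not part of the original thread and is not Veeam's or Sophos's code. The ThreatExistsRegEx pattern and the "Detections: N" output lines are assumptions built from the description in this thread and must be checked against real SophosInterceptXCLI output.

```python
import re
import xml.etree.ElementTree as ET

# Constructed entry modelled on the attributes posted in this thread.
# ASSUMPTION: the pattern below and the "Detections: N" output line are
# illustrative; confirm both against real SophosInterceptXCLI output.
PATTERN = r"Detections\s*:\s*[1-9][0-9]*"
ENTRY = r"""<AntivirusInfo Name='SOPHOS Endpoint Agent' IsPortableSoftware='true'
 ExecutableFilePath='%ProgramFiles%\Sophos\Endpoint Defense\SophosInterceptXCLI.exe'
 CommandLineParameters='scan %Path%' RegPath='' ServiceName=''
 ThreatExistsRegEx='PATTERN' IsParallelScanAvailable='false'>
 <ExitCodes>
  <ExitCode Type='Success' Description='Process was completed successfully'>0</ExitCode>
  <ExitCode Type='Error' Description='Error during command handling'>1</ExitCode>
  <ExitCode Type='Error' Description='Unexpected error during CLI setup'>2</ExitCode>
 </ExitCodes>
</AntivirusInfo>"""
WITH_REGEX = ENTRY.replace("PATTERN", PATTERN)
NO_REGEX = ENTRY.replace("PATTERN", "")  # as first posted: empty pattern


def load_entry(xml_text):
    """Return (threat regex, {exit code: type}) from an AntivirusInfo entry."""
    node = ET.fromstring(xml_text)
    codes = {int(e.text): e.get("Type") for e in node.iter("ExitCode")}
    return node.get("ThreatExistsRegEx", ""), codes


def verdict(xml_text, exit_code, output):
    """Model of the logic described in the thread, not Veeam's implementation."""
    regex, codes = load_entry(xml_text)
    if codes.get(exit_code) != "Success":
        return "error"
    # Exit code 0 only says the CLI ran; an infection shows up in the output.
    if regex and re.search(regex, output):
        return "infected"
    return "clean"


# Constructed sample output; the real CLI output format is not shown on this page.
EICAR_RUN = "Scan finished\nDetections: 1\n"
CLEAN_RUN = "Scan finished\nDetections: 0\n"

if __name__ == "__main__":
    for name, entry in (("no regex", NO_REGEX), ("with regex", WITH_REGEX)):
        print(name, verdict(entry, 0, EICAR_RUN), verdict(entry, 0, CLEAN_RUN))
```

With the empty pattern, the constructed Eicar run is reported as clean, which matches the exit code 0 behaviour described above.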