web realtime scanning notification
When I switch the Webprotection Malware scanning mode to Realtime scanning, I dont see any Notification when a Virus is found.
So maybe you can make it possible to recieve a notification when a Virus is found in Realtime scanning mode.
Dwayne Parker commented
Hi, any news on this?
Yes due to lack of the notification system we are currently using Batch mode, but we are experiencing big performance problems due to our slow WAN uplink. Due to the long waiting times until the download begins, we've got many double downloads, so our uplink was loaded much more than before. That's why we are preferring realtime mode.
I've got at least one more important point, please don't integrate this into the endpoint security, synchronized security or Sophos central rather provide an extra application for this, because not everybody is using XG and Sophos endpoint rather an other endpoint security. Without providing an extra application wich is independent to Sophos Endpoint the notification system would be useless for many users!
Could you please inform us about any changes in this topic!
When do you expect a decision how to implement this feature, respectively when do you expect it is clear if it get's implemented?
Great points. Thanks for the feedback. We'll certainly take it into account and keep brainstorming on how best to provide this kind of feedback when it can't be delivered directly in the browser.
Have you tried running with virus protection in Batch mode? It does provide the notifications when malware is found. You may find that the difference in behaviour is not too noticeable.
Yes this would be useful, because there are many benefits when you know that a Virus is found:
1. You could run a local Virus test to check if your System got infected by other files of the same source.
2. When the download gets interrupted, you don't know weather it got interrupted by XG or due to an Server error.
3.You are able to inform the Administrator
4.You can avoid this Website in future
5.The user could take immediatly countermeasures against the virus!
These are all Arguments for a notification System that provides informations about virus detections! Please add it!
As Michael points out, because real-time mode starts sending the file content before the decision is made to block, the browser would mostly fail to recognise or render an HTML block message if we sent it after the aborted file content.
If there was another, out-of-band method for sending such notifications, do you think it would be useful? For example, a message displayed on the Windows desktop via the Authentication Agent, or maybe using a browser add-on?
Why is it technically impossible to send a message when an Virus is found?
Maybe you can provide a Notification/Alert System in the authentification application for Windows, so like an antivirus Dashboard?
Michael Dunn commented
It is technically impossible to provide a notification to the user when a virus is found during realtime scanning. The way this mode works is that the XG provides the file to the browser before the file has been virus scanned. The XG will hold onto the last part of the file while it does the AV scan and if virus is found it will kill the download to the browser so that you get an incomplete file and download failed. It is impossible for the XG to kill the file download and then afterwards redirect the client to a block page.
The file containing the virus never fully arrives at the client, and the administrator is notified. But the user is not. Real-time mode gives the user the benefit of a earlier download and smoother experience for clean files, at the cost of explicit block pages for malware.
mia mueller commented
Would be really nice to have as Feature!
Pete Snow commented
This is an very important Feature!
Andreas Surer commented
Please add this Feature, it is very important to know if a thread is found!
This should a basic feature built-in.
Sarah Lisa commented
I'd like to have this feature too!
Long time I've thought it's a bug!