06 May 2011

Prevent the Sophos Web Intelligence Service from running on machines that do not require added web protection

The "Sophos Web Intelligence Service" (swi_service.exe) is described as "Protects against threats from malicious websites."  This is something that is not required on certain devices that are dedicated to certain non-web functions.  This is especially relevant if these are resource-constrained machines, such as old, underpowered Windows-based POS devices.

This service is controlled by the policy settings under Anti-Virus and HIPS in the Web protection section.  Turning the setting to Off prevents the service from protecting you, but it does not turn off the service.


You can see this by watching the process I/O in Task Manager.  It starts going up as soon as IE starts up and increments every time a new page is loaded.


The only way to stop this from happening is to turn the service off and disable it so it does not start up again.

Here are two VBScript scripts to assist you with this.

This one turns off the service and sets the startup type to be Disabled.

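' "." targets the local machine
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' Look up the Sophos Web Intelligence Service by its service name
Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")

For Each objService in colServiceList
    ' Stop the service if it is running and give it time to shut down
    If objService.State = "Running" Then
        objService.StopService()
        Wscript.Sleep 10000
    End If
    ' Set the startup type to Disabled; a return code of 0 means success
    errReturnCode = objService.ChangeStartMode("Disabled")
Next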

This one reverses the actions from the script above: it changes the startup type back to Automatic and starts the service.

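' "." targets the local machine
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' Look up the Sophos Web Intelligence Service by its service name
Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")

For Each objService in colServiceList
    ' Set the startup type back to Automatic; a return code of 0 means success
    errReturnCode = objService.ChangeStartMode("Automatic")
    Wscript.Sleep 10000
    ' Start the service again
    objService.StartService()
Next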
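
Because the scripts above leave a machine without web protection, it helps to be able to check which machines are in that state. The following is an added example, not part of the original post: it reads the State and StartMode of swi_service on a list of machines and reports whether each is fully exempted (stopped and disabled), in the default state, or somewhere in between. The machine names other than "." and the verdict labels are made up for illustration.

```vbscript
' Added example (not from the original post): audit swi_service on several machines.
' Run with: cscript //nologo audit_swi.vbs   (file name is arbitrary)
Option Explicit

Dim arrComputers, strComputer
' Constructed sample list; "." is the local machine, the other names are placeholders.
arrComputers = Array(".", "POS-TILL-01", "POS-TILL-02")

For Each strComputer In arrComputers
    WScript.Echo strComputer & ": " & AuditService(strComputer, "swi_service")
Next

' Returns a one-line verdict for the named service on strHost.
Function AuditService(strHost, strName)
    Dim objWMI, colServices, objService

    ' Connection failures (machine off, access denied) are reported, not fatal.
    On Error Resume Next
    Set objWMI = GetObject("winmgmts:\\" & strHost & "\root\cimv2")
    If Err.Number = 0 Then
        Set colServices = objWMI.ExecQuery( _
            "Select * from Win32_Service where Name = '" & strName & "'")
    End If
    If Err.Number <> 0 Then
        AuditService = "UNREACHABLE (error 0x" & Hex(Err.Number) & ")"
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    ' An empty result set means the service does not exist on that machine.
    AuditService = "NOT INSTALLED"
    For Each objService In colServices
        AuditService = Classify(objService.State, objService.StartMode)
    Next
End Function

' StartMode reads back as "Auto" even though ChangeStartMode is given "Automatic".
Function Classify(strState, strStartMode)
    Dim strDetail
    strDetail = " [State=" & strState & ", StartMode=" & strStartMode & "]"
    If strState = "Stopped" And strStartMode = "Disabled" Then
        Classify = "EXEMPT, stopped and disabled" & strDetail
    ElseIf strState = "Running" And strStartMode = "Auto" Then
        Classify = "DEFAULT, running and automatic" & strDetail
    Else
        Classify = "MIXED, neither fully disabled nor default" & strDetail
    End If
End Function
```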
