
Why are the wrong exclusions shown

Hi,

I set up Sophos Central to protect our server park and workstations.
At first startup I set all the exclusions in the global exclusions list.

When we had an issue with one of the servers (missed some exclusions and therefore Sophos ran out of CPU) I changed the exclusion declaration from the global list to the policies.

For the machine with the exclusion troubles I created a group and policy and put the exclusions which are only needed for this server in the policy.
After this I deleted the exclusions for this server from the global exclusion list.
On the other server I see in the exclusion list that the deleted exclusions are gone.

However, the machine which must have the exclusions shows its "old" exclusion list with exclusions from the "old" global exclusion list; with the deleted exclusions from the "old" global exclusion list and without the new exclusions from the policy.

To create even more confusion, the effect on the server itself is as wished. The on-access scanner operates with the exclusions set in the machine's policy, which are more than there were on the "old" global exclusion list.

So operationally I don't have any problem; even when I make a change now (I tested it), the scan engine on the server reacts to it.
Only the reporting function of Central shows the wrong settings.

Even though the operation is good, the reporting must also be good. Does anyone know a solution?

Best Regards,

 

Peter



  • I have a similar situation with exclusions at my site. One of my policies applies to four Windows Servers as they need a specific set of exclusions. If I look at the Exclusions tab of each device in Central I see that only one of the four has the correct exclusions listed. The other 3 Servers all have different versions of exclusions we've used over the last few months.

    I've had a case logged with support for this since 8th December. One thing they did suggest (which didn't work for me but may do for you) was to stop the MCS Agent and Client Services and then delete the contents of C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist. Restart the services once complete.

    I've even created a fresh policy for these four servers with no change in behavior.

  • The suggestion is not working here either: after stopping the service, deleting the contents of the mentioned directory and starting the services again, Central still listed the wrong set of exclusions.

     

    Somebody else?

     

    regards Peter

  • Hi,

    does nobody have an idea?

    I have done some research myself.

    The server file C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml contains the exclusions that the scanner actually works with.

    When I change the exclusions in Sophos Central (global or policy based), almost instantly the file C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml is updated and contains the changes.

    However, the tab Server Protection - Servers - "the relevant server" - Exclusions is not updated for almost a couple of days.

    So my conclusion is that the update from Sophos Central to "the relevant server" is working fine; however, the server is not able to report the right settings back to Sophos Central.

    This must be solved; after 2 months of working with Sophos Central the reporting of 1 server is corrupt.

    If this is not solved within a year, nobody will know what will and what will not be scanned.

  • I am glad to hear that the actual policy is being applied. This would actually be much worse than the reporting being wrong. An update from Sophos on when this will be fixed would be welcome.

  • There is a support ticket for this case with Sophos support.
    Once I get a correct answer, I will share it here.

    For your information, the file machine.xml in the directory c:\programdata\sophos\anti-virus\config contains the exclusions which Sophos is really using.

    So if you have the same issue as I you can check the real exclusions in this file.
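
The local check described in the posts above, sketched as an added example (not part of the original posts and not Sophos code): it diffs two copies of an XML config and flags expected exclusions that are absent from the current one. The sample XML, its element names and the exclusion paths are constructed; the real machine.xml layout is not shown in this thread, so the script treats every text node and attribute as a candidate value.

```powershell
# Added example. The XML below is CONSTRUCTED sample data; element names are
# placeholders, not the real machine.xml layout (which this thread does not show).
function Get-XmlLeafValues {
    param([Parameter(Mandatory)][xml]$Document)
    # Emit "path = value" for every non-empty text node and attribute,
    # so the check works without knowing the file's schema.
    $Document.SelectNodes('//text() | //@*') | ForEach-Object {
        $value = "$($_.Value)".Trim()
        if (-not $value) { return }
        $isAttr = $_ -is [System.Xml.XmlAttribute]
        $node   = if ($isAttr) { $_.OwnerElement } else { $_.ParentNode }
        $parts  = @()
        while ($node -is [System.Xml.XmlElement]) {
            $parts = @($node.LocalName) + $parts
            $node  = $node.ParentNode
        }
        $path = '/' + ($parts -join '/')
        if ($isAttr) { $path += '/@' + $_.Name }
        "$path = $value"
    }
}

function Compare-ExclusionConfig {
    param([xml]$Baseline, [xml]$Current, [string[]]$Expected = @())
    $old = @(Get-XmlLeafValues $Baseline)
    $new = @(Get-XmlLeafValues $Current)
    [pscustomobject]@{
        Added           = @($new | Where-Object { $_ -notin $old })
        Removed         = @($old | Where-Object { $_ -notin $new })
        # Expected exclusions that appear nowhere as a value in the current file
        MissingExpected = @($Expected | Where-Object {
            $suffix = " = $_"
            -not ($new | Where-Object { $_.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) })
        })
    }
}

$baseline = [xml]@'
<config><scan><exclude>D:\Old\Logs\</exclude><exclude>E:\SQL\Data\</exclude></scan></config>
'@
$current = [xml]@'
<config><scan><exclude>E:\SQL\Data\</exclude><exclude>E:\SQL\Backup\</exclude></scan></config>
'@
# On a server: $current = [xml](Get-Content -Raw '<path to machine.xml>')
$expected = 'E:\SQL\Data\', 'E:\SQL\Backup\', 'F:\Exchange\'
Compare-ExclusionConfig -Baseline $baseline -Current $current -Expected $expected | Format-List
```

Keeping a dated copy of the file as the baseline lets the same comparison show when the effective exclusions changed, independently of what the console reports.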

  • Sophos has escalated this problem to their development department for further investigation.

    The Sophos statement is "I am afraid at this point in time there is no workaround however as this issue is only with reporting there should be no local impact on servers"

    However, the reporting tells me which settings are set on the scanner.
    When the settings are incorrect and the reporting does not tell me this, it will certainly affect the scanner.

    I compare this with the operation of the speedometer of a car.
    A defect in the speedometer will not affect the basic functionality of the car.
    However, only a few drivers will ignore this defect and continue to drive the car without a repair.

    As soon as Sophos offers news or (better) a solution, I will let you know.

    Regards,

    Peter
