Intercept X Advanced for Server - Lockdown File/Folder Exclusions

Hi,

We have the above product installed on two file servers that run our Distributed File System (DFS) shares storage locations.

Some of these Fileshare locations contain .exe files and various installers we use for Deployment and also programs we have compiled internally.

 

When we enact "Lockdown" on these file servers we can no longer remove, change or update these files.

I understand this is what "Lockdown" is supposed to protect against.

However, I've attempted to Exclude these Folders through modification of the Lockdown Policy "Allowed files/folders" list that affects these two servers, but I'm not getting the results I would expect.

The Help on the Lockdown Policy Exclusions is vague at best, so I need some guidance, especially on the use of Wildcards *

 

1) Should I be excluding the Folder in the drive that sits on the actual server? e.g. F:\IT\

2) Should I be excluding the Folder as it's presented through Drive Mapping to the Clients? e.g. I:\

 

It won't let me exclude by servername and sharename or DFS share

e.g. \\servername\sharename or \\domainname\private\sharename

 

Predominantly all I really want to do with the Server Lockdown is protect the OS drive, but this is not possible.

 

Any advice appreciated thanks,

Craig



This thread was automatically locked due to age.
  • Hi Craig,

    I would create the exclusion to match the folder sitting on the server since the lockdown is actioning on the server and not the clients.

    I believe if you add a trailing backslash to your exclusion it will exclude everything nested under that folder.
    E.g. F:\ will exclude F:\example.exe and F:\nestedfolder\example.exe.

    If you add a * at the end of your trailing backslash it should exclude everything under that folder but not nested folders.
    E.g. F:\* will exclude F:\example.exe but not F:\nestedfolder\example.exe.

  • Hi MEric

    Thanks for your reply.

    Originally this is what I did, by excluding the Server's local drive paths with the trailing backslash.

    I expected this to work, but results show otherwise.

    E.g. I have excluded a local drive folder G:\ITG\Software\ which contains all our installers. With the server unlocked, I can delete .exe files under this structure via my mapped drive of I:\Software\

    When the server is in Lockdown mode, I can no longer do this. This is the result reported on the server.

    So I'm at a loss on how to make these exclusions work without leaving these Servers Unlocked or Moving this type of storage elsewhere where it's not under the protection of Sophos.

    Cheers,

    Craig

  • Hi Craig,

    I may have incorrectly assumed the Allowed files/folders section worked like SAV exclusions. Unfortunately I do not use Lockdown in my environment nor do I have a server I could freely test this out on. I suspect that the exclusion may not apply to nested folders at all which would not make creating exclusions for your scenario ideal. Perhaps someone with more Server Lockdown experience may be able to comment on this?
