
System Variables?

I'd like to use System Variables for AV exclusions.  Can you tell me if this is possible (doesn't seem to be when I've played with it) and if it is possible, what is allowed?

If you can point me to an appropriate KB article that would be great.

Thanks in advance!

:11121


  • Hi,

    This is not possible I'm afraid to report. Out of interest, what are you trying to exclude?

    Regards,

    Jak

    :11127
  • Hi Jak,

    Thanks for the straightforward answer. I was hoping to use system variables for several different exclusion scenarios, here are a couple of examples:

    • C:\Program Files\Novell\ZENworks\ could be %PROGRAMFILES%\Novell\ZENworks\
    • D:\Documents and Settings\User1\Local Settings\ could be %SYSTEMDRIVE%\%HOMEPATH%\LocalSettings\
    That sort of thing, where the system drive could be different to the usual C: drive, so I don't have to enter multiple entries for the same exclusion, just in case it's on a different drive. Also, for variables in the middle of a path, such as a userid, so I don't have to enter the specific path for every single user (if you have a LOT of users, that leads to a LOT of exclusions in your list).
    Maybe in a future version...?
    :11133
  • the system drive could be different to the usual C: drive

    You don't have to specify the drive. But a localized version of Program Files poses a challenge (but no longer in Win7).

    D:\Documents and Settings\User1\Local Settings\

    I recommend against excluding these. To repeat - do not exclude a user's Local Settings. In rare cases it makes sense to exclude a specific (program) folder from on-access scanning but then you should perform regular scheduled scans in these areas.

    Christian

    :11137
  • The directories I specified were examples of where a system variable might be used.  They are not examples of what I actually want to exclude at this time.  I just want to be able to use system variables in the path (even in the middle of the path).

    :11139
  • Apart from the inherent "danger" of exclusions - what could be specified with a system variable in the middle of the path which needs to be (generally) excluded? And - are you talking about on-access or scheduled scanning? Just trying to understand where this could help you.

    Christian

    :11141
  • I was asked about why I would want to use system variables in an exclusion and after getting swamped with other things I let it pass.  And now I get handed a list of exclusions that include system variables once again so I thought I'd list them here as an example of exclusions needed based on variables:

    • %ZENWORKS_HOME%\bin\analyze.exe

    Of course, there are many others, but it's the system variable (%ZENWORKS_HOME%) that I want to be able to set exclusions on rather than having to enter every permutation of the ZENworks home directory. On my old XP machine, the above variable points to: C:\Program Files\Novell\ZENworks\

    So, are there plans to allow exclusions using system variables somewhere in the path?

    :13325
  • Can't say what plans Sophos has or doesn't have.

    Exclusions should not be set with "levity". What's the reason that there should be exclusions for ZENworks - performance? Or do they trigger HIPS alerts?

    Christian

    :13329
  • Hi Christian,

    The exclusions are recommended by Novell for endpoints running ZENworks agents (see Novell knowledgebase article: 7007545).

    The one example that I shared with you earlier:

    • %ZENWORKS_HOME%\bin\analyze.exe

    Actually results in several exclusions (for our possible endpoint configurations):

    • C:\Program Files\Novell\zenworks\bin\analyze.exe
    • C:\Program Files (x86)\Novell\zenworks\bin\analyze.exe
    • D:\Program Files\Novell\zenworks\bin\analyze.exe
    • D:\Program Files (x86)\Novell\zenworks\bin\analyze.exe

    Then there's the short file names that have to be added too:

    • C:\Progra~1\Novell\zenworks\bin\analyze.exe
    • C:\Progra~2\Novell\zenworks\bin\analyze.exe
    • D:\Progra~1\Novell\zenworks\bin\analyze.exe
    • D:\Progra~2\Novell\zenworks\bin\analyze.exe

    So you see, for the want of one system variable, I have to add eight exclusions.  When you have several exclusions to add, that makes it difficult to manage.

    Please, let me have system variables in a future version :smileysad:

    :13339
  • Hello Neil,

    reading the article:

    The ZCM logon process can involve significant HDD I/O.
    Anti-Virus scanning of all of this activity can sometimes significantly slow down computers during the logon process.

    This doesn't sound very convincing :smileywink: - "significant HDD I/O" ... "scanning of all of this activity" - who says that a decent AV product would do this? Even if, say, analyze.exe would be called several hundred times during logon it'll likely be scanned only once. There have been issues with scanning certain applications (3dsmax for example) but these shouldn't be resolved by once and forever excluding them.

    [Edit: I had to leave yesterday - here's the rest] Indeed I wouldn't feel confident with permanent exclusions on a client. The article is IMO cryptic (or maybe I just can't grasp its intricacies): "Scheduling Anti-Virus Software and Signature updates during Boot" [can also considerably slow down a device's initial logon] - yeah, sure, obvious. Now what's "Boot" here, especially if you also employ Network Access Control (which would then require the updates anyway)? And reading the whole sentence I doubt that I can correctly read and understand English: "In addition to AV Scanning Exclusions, Anti-Virus activity scheduled to occur at startup can also considerably slow down a device's initial logon." To me it says "exclusions can slow down" ... :smileysurprised:

    But it's a nice segue back to the System Variables. One question is what should be done if a variable doesn't resolve (I think  the exclusion must be ignored) and which variables should be considered? Would you expect %UserProfile% to work? Keep in mind that they don't necessarily contain a path at all. Oh, would you permit the %PATH% variable? Or recursion? You see, it's not that simple. Apart from that it would save you from explicitly specifying the "short names". Then there's the question when to resolve them - at startup and whenever a policy is changed (how to evaluate policy compliance is another matter)? To me it's a can of worms ...

    Christian


    :13381
  • Hello all, new to this forum and I was looking for an answer to the same question as the OP.

    I am rolling out Sophos to our servers and I would like to be able to use the variables used in the official MS KB article for file level scanning on an Exchange 2010 server:

    echo %ExchangeInstallPath%
    C:\Program Files\Microsoft\Exchange Server\V14\

    When deploying to several Exchange 2010 servers with different installation paths I wouldn't need as many exclusions as I do now.

    The same could be said for any server with IIS or MS SQL

    Regarding which variables should be allowed. This could be a list published by Sophos and the variables should be evaluated at runtime just as normal exclusions. It would still be our responsibility that they evaluate to a valid path. Especially for %ExchangeInstallPath% which ends in '\' unlike other system variables.

     Regards 

    Niels

    :21511
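
The questions raised in the thread about resolving variables (a name that does not resolve, %PATH%, recursion, the trailing '\' on %ExchangeInstallPath%) can be handled on the management side by expanding exclusion templates per host before they are entered. The following is an added example, not part of any post and not Sophos functionality; the allow-list, the function names and the "Mailbox" subfolder are assumptions.

```python
import ntpath  # Windows path semantics, usable on any OS
import re

# Hypothetical allow-list; the thread only suggests a vendor could publish one.
ALLOWED_VARS = {"PROGRAMFILES", "PROGRAMFILES(X86)", "ZENWORKS_HOME", "EXCHANGEINSTALLPATH"}
VAR_RE = re.compile(r"%([^%\\]+)%")
# Constructed sample host; the first two values are the ones quoted in the thread.
SAMPLE_ENV = {
    "ZENWORKS_HOME": "C:\\Program Files\\Novell\\ZENworks\\",
    "ExchangeInstallPath": "C:\\Program Files\\Microsoft\\Exchange Server\\V14\\",
    "PATH": "C:\\Windows;C:\\Windows\\System32",
}
SAMPLE_TEMPLATES = ["%ZENWORKS_HOME%\\bin\\analyze.exe",
                    "%ExchangeInstallPath%\\Mailbox", "%PATH%\\analyze.exe"]

class ExclusionIgnored(ValueError):
    """The template is dropped rather than turned into a broader exclusion."""

def expand_exclusion(template, env):
    """Expand %VAR% references in one exclusion template against env."""
    lookup = {k.upper(): v for k, v in env.items()}  # names are case-insensitive

    def resolve(match):
        name = match.group(1).upper()
        if name not in ALLOWED_VARS:
            raise ExclusionIgnored(f"%{name}% is not on the allow-list")
        value = lookup.get(name, "")
        if not value:
            raise ExclusionIgnored(f"%{name}% does not resolve on this host")
        if "%" in value:
            raise ExclusionIgnored(f"%{name}% refers to another variable")
        if ";" in value or not ntpath.isabs(value):
            raise ExclusionIgnored(f"%{name}% is not a single absolute path")
        return value

    # normpath collapses the doubled separator left by values ending in '\'
    return ntpath.normpath(VAR_RE.sub(resolve, template))

def build_exclusions(templates, env):
    """Return (explicit paths to exclude, ignored templates with reasons)."""
    applied, ignored = [], []
    for template in templates:
        try:
            applied.append(expand_exclusion(template, env))
        except ExclusionIgnored as why:
            ignored.append((template, str(why)))
    return applied, ignored
```

Reviewing the `ignored` list per host shows which templates silently produced no exclusion, which is the policy-compliance question raised in the thread.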