
Validating Exceptions

Does anyone know any way to validate that the exceptions we enter under on-access scanning are indeed being excluded? I have had an issue with exclusions not working in the past, especially directory-based exceptions, and recently another problem has come to light and I want to be sure the excluded files are not being scanned. Any ideas?



This thread was automatically locked due to age.
  • I'm not sure how you set up your tests: which file(s) you use for testing, where they reside and how you copy them. Does "on my file server" mean you are testing locally on the server? Sounds like you are using a browser (which one?) and the message is part of the browser's save dialog. Sophos' messages are easily identifiable (if it doesn't look like Sophos it isn't Sophos :) ) and only the DLP component offers a choice. Browsers, unpackers and other applications might also use temporary copies, which further complicate testing.

    In order to verify that certain paths are actually excluded it's best to

    1. configure the exclusions
    2. turn off on-access scanning
    3. put the test file(s) in the directories of interest (optionally rename them if you want to exclude file patterns)
    4. turn on-access on again
    5. access the files/directories using the applications of interest (note that it might be necessary to also use the 8.3 names in the exclusion list)
    6. if files are unexpectedly blocked, look at SAV.txt and compare the displayed paths with your exclusions

    If you are still getting "incomprehensible" results, please post as many details as possible.

    Christian
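
The comparison in step 6, including the 8.3-name caveat from step 5, sketched as an added example that is not part of the original post or any Sophos tooling. The exclusions and paths are constructed samples (paths copied by hand, not the real SAV.txt log format), and the matching rules (case-insensitive, a directory exclusion covers everything beneath it) are assumptions.

```python
import re
from ntpath import normpath  # Windows path rules on any OS

# Constructed sample data, not real log output.
EXCLUSIONS = ["D:\\Database Files\\", "C:\\Apps\\Backup Agent\\cache\\"]
BLOCKED = [
    "D:\\DATABA~1\\orders.mdf",               # reported under its 8.3 alias
    "d:\\database files\\archive\\old.ldf",   # differs in case only
    "C:\\Apps\\Backup Agent\\logs\\run.log",  # sibling of an excluded folder
]

# Simple 8.3 form only: up to six characters, "~", a number, optional extension.
SHORT = re.compile(r"^(.{1,6})~\d+(\..{0,3})?$")

def parts(path):
    """Normalise a Windows path and split it into lower-case components."""
    return [p for p in normpath(path).lower().split("\\") if p]

def may_alias(short, long):
    """Heuristic: could `short` be the 8.3 alias of the long component?
    Hash-style aliases are not recognised; confirm real aliases with `dir /x`."""
    m = SHORT.match(short)
    if not m:
        return False
    base = long.rsplit(".", 1)[0] if "." in long else long
    return re.sub(r"[ .]", "", base).startswith(m.group(1))

def classify(path, exclusions):
    """Return 'excluded', 'short-name mismatch' or 'not covered'."""
    p = parts(path)
    verdict = "not covered"
    for exc in exclusions:
        e = parts(exc)
        if len(p) <= len(e):
            continue  # path is not below this directory
        if p[:len(e)] == e:
            return "excluded"
        if all(a == b or may_alias(a, b) for a, b in zip(p, e)):
            verdict = "short-name mismatch"  # add the 8.3 form as an exclusion
    return verdict

def report(paths=BLOCKED, exclusions=EXCLUSIONS):
    """Map each blocked path to its verdict."""
    return {path: classify(path, exclusions) for path in paths}

if __name__ == "__main__":
    for path, verdict in report().items():
        print(f"{verdict:20} {path}")
```

A "short-name mismatch" verdict means the path was probably reported under its 8.3 alias, so the alias needs its own entry in the exclusion list; "excluded" for a path that was still blocked means the exclusion itself is not taking effect.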
