Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 8024 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclude Remote Files

BeaconLightBoy

I have a computer in a policy that has 'exclude remote files' set under windows exceptions.  Whenever i attempt to run a 'test virus file' on a network drive, it immediately is quarantined.  why is this?  I set it to exclude remote files.  so if i run a bad file off of a network drive, then it should run yes?

if i am wrong, then what good is this setting?  as every application or file you accessfrom the network is going to be loaded locally first.

:15319


This thread was automatically locked due to age.
  • 0

    Hi,

    Is it excluded when accessing it via the full UNC path?

    Is i just as a mapped drive it isn't?

    If you exclude the mapped drive letter does that help?

    Regards,
    Jak 

    :15323
  • 0

    so if i run a bad file off of a network drive, then it should run yes?

    I'd say in reality you wouldn't want this to happen :smileywink:. 

    Again, if it doesn't work as expected take a closer look at the log: Which threat has been reported, the file it has been detected in and the path. As two machines were involved (you didn't "loop back", did you?) - was Sophos running on the remote machine? Did you get the alert on the local machine where remote files had been excluded? Sorry if this is a dumb question. 

    Christian

    :15329
  • 0

    It appears to me that the exclude remote files doesn't work on mapped drives.  Neither does excluding them.  What's odd is that i entered the exclusion on the mapped drive, but it detected it via UNC.  but then denied location is a mapped drive.  I also also told the policy to exclude the UNC path as well, it finds the virus no matter what.

    20110804 130235 Virus/spyware 'EICAR-AV-Test' has been detected in "\\FS-1\FS-1_E\N-Drive\Apps\MAS_90\eicar.com". Cleanup unavailable.
    20110804 130235 On-access scanner has denied access to location "N:\Apps\MAS_90\eicar.com" for user domain\username      (79 items)

    :15335
  • 0

    Could  you please post the exclusions you used? (and I'll run some tests with excluding remote files tomorrow)

    Edit: Works as expected - excluded "All remote files" (using the local GUI as well as by policy - you'll note that in the GUI it looks identical) and was able to access eicar.com both via a mapped drive and a UNC path.

    As for UNC vs. drive letter please see my reply on the Validating exceptions thread.

    Christian

    :15339