This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AV on MS Cluster

shawn_38 over 12 years ago

Hi all,

I have question about installing Sophos on a Microsoft Cluster.

The quorum disk is a Cluster Shared Volume connected with FC. We don't want to assign a drive letter to the quorum

disk, so nobody can accidentally access the quorum disk or save data on this disk.

Microsoft recommends to exclude the quorum disk from scanning.

I' ve checked the option "exclude remote files" in the Antivirus and HIPS policy.

Does Sophos AV recognizes the quorum disk as a remote disk and doesn't scan the files or what other possibilities do I have to not scan the quorum disk. Assigning a drive letter is no option for us.

Thanks in advance.

This thread was automatically locked due to age.

Parents

0 QC over 12 years ago

In reply to my own post ... put EICAR on an "unlettered" volume and then let on-access detect it. The path to eicar.com shown in the log is \\.\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ (note the "." in \\.\Volume). So I set a folder exclusion using this string and it works. Guess one could exclude the quorum disk this way.
Christian
:41517
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 12 years ago

In reply to my own post ... put EICAR on an "unlettered" volume and then let on-access detect it. The path to eicar.com shown in the log is \\.\Volume{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\ (note the "." in \\.\Volume). So I set a folder exclusion using this string and it works. Guess one could exclude the quorum disk this way.
Christian
:41517
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data