Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2993 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Database Query Scan Exclusions

shawn_38

Hi,

I'd like to export periodically the on-access scan exclusions defined in the Antivirus-/HIPS policy but I didn't find where these informations are stored in the database. We use Version 5.0

Can anyone provide me with this information?

Thanks.

:38567


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    How about something like the following code.

    1. Save as something.vbs

    2. Edit the variables at the top:

    strServerName       
    strInstanceName
    strDatabaseName

    as required for you install.

    Code:

    const ForWriting = 2

strServerName       = "databaseservername"
strInstanceName     = "sophos"
strDatabaseName     = "Sophos50"
strConnectionString = "Driver={SQL Server};Server="&strServerName&"\"&strInstanceName&";Database="&strDatabaseName&";Trusted_Connection=yes;"

strSQL = "SELECT p.name, p.policyxml.query(' " &_
     " declare namespace SAV=""http://www.sophos.com/EE/EESavConfiguration""; " &_
     "   (/SAV:config/SAV:onAccessScan/SAV:exclusions/SAV:filePathSet/SAV:filePath) " &_
     "  ') as Exclusion " &_
" FROM policies as p with (nolock) " &_
" where p.type = 2 "

set cn = CreateObject("ADODB.Connection")
cn.open strConnectionString

Set rs = CreateObject("ADODB.Recordset")
rs.Open strSQL , cn, adOpenDynamic

' Write file to disk
set fso = CreateObject("Scripting.FileSystemObject")

' Loop for each record
Do Until rs.EOF

   strPolicyName = rs("Name")
   strXMLOfPolicy = rs("Exclusion") 

   if strXMLOfPolicy <> "" then
     CreateFile strPolicyName, strXMLOfPolicy
   end if
   
  
  rs.movenext
Loop

'cleanup
set cn = nothing
set rs = nothing

Function  CreateFile (strName, strXML)
 

 on error resume next

 
 
      set file = fso.OpenTextFile(strName & "-Exclusions.txt", ForWriting, True)
      arr1 = split (strXML, "<SAV:filePath xmlns:SAV=""http://www.sophos.com/EE/EESavConfiguration"">")
      for a = 0 to ubound (arr1)
          if arr1(a) <> "" then
             file.writeline replace(arr1(a), "</SAV:filePath>", "")
          end if
       next
       
       file.close
       
       set file = nothing

   
End function

    Regards,

    Jak

    :38573
Reply
  • 0

    Hi,

    How about something like the following code.

    1. Save as something.vbs

    2. Edit the variables at the top:

    strServerName       
    strInstanceName
    strDatabaseName

    as required for you install.

    Code:

    const ForWriting = 2

strServerName       = "databaseservername"
strInstanceName     = "sophos"
strDatabaseName     = "Sophos50"
strConnectionString = "Driver={SQL Server};Server="&strServerName&"\"&strInstanceName&";Database="&strDatabaseName&";Trusted_Connection=yes;"

strSQL = "SELECT p.name, p.policyxml.query(' " &_
     " declare namespace SAV=""http://www.sophos.com/EE/EESavConfiguration""; " &_
     "   (/SAV:config/SAV:onAccessScan/SAV:exclusions/SAV:filePathSet/SAV:filePath) " &_
     "  ') as Exclusion " &_
" FROM policies as p with (nolock) " &_
" where p.type = 2 "

set cn = CreateObject("ADODB.Connection")
cn.open strConnectionString

Set rs = CreateObject("ADODB.Recordset")
rs.Open strSQL , cn, adOpenDynamic

' Write file to disk
set fso = CreateObject("Scripting.FileSystemObject")

' Loop for each record
Do Until rs.EOF

   strPolicyName = rs("Name")
   strXMLOfPolicy = rs("Exclusion") 

   if strXMLOfPolicy <> "" then
     CreateFile strPolicyName, strXMLOfPolicy
   end if
   
  
  rs.movenext
Loop

'cleanup
set cn = nothing
set rs = nothing

Function  CreateFile (strName, strXML)
 

 on error resume next

 
 
      set file = fso.OpenTextFile(strName & "-Exclusions.txt", ForWriting, True)
      arr1 = split (strXML, "<SAV:filePath xmlns:SAV=""http://www.sophos.com/EE/EESavConfiguration"">")
      for a = 0 to ubound (arr1)
          if arr1(a) <> "" then
             file.writeline replace(arr1(a), "</SAV:filePath>", "")
          end if
       next
       
       file.close
       
       set file = nothing

   
End function

    Regards,

    Jak

    :38573
Children
No Data