Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 11672 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Environment Variables?

antihippy

Hi All,

This feels like a dumb question.

Can you use windows environment variables such as %windir% or not? I see that "%" is not listed as a wildcard character of any description so:

As a file exclusion:

Is it just treated as another character? Does this mean that %windir% gets literally translated as %windir% rather than C:\Windows.

Sophos recommends looking at your OS supplier documentation (in this case it's MS) for AV exclusions. Looking at MS document there's quite a lot to look at. See here: https://support2.microsoft.com/kb/822158?wa=wsignin1.0 and also http://www.networkdefend.com/avexclusions.txt

:53971


This thread was automatically locked due to age.
  • 0

    Hello antihippy,

    both questions have been discussed more than a few times in this forum.

    Short answers:

    % is a valid character for a name and not interpreted in any way. Furthermore, although it's not immediately obvious, environment variables are per user and thus not unambiguous. 

    As for exclusions - they are not sine qua non (the MS KB article states that [the recommendations] may help an administrator determine the cause of potential instability), in most cases you won't encounter issues even when none are set.

    Christian   

    :53973
  • 0

    Interesting. I guessed it would be you who would jump in on  this one.  ;)

    I am told by the person who I work with that SOPHOS in this environment has had issues when left alone in its default state - problems I've fixed with the SEC aside.

    Yes I know that it has been discussed before but it's never very clear what the outcome actually is. You say that "%" is just treated as part of the name. That's chiming with what I've been reading. So for each file I want to exclude I will have to specify the literal paths. I accept that now. Sophos could help everyone out by explicitly stating a best practise in a windows environment. Or could someone just stick something about windows variables somewhere easy to find in the knowledbase or put a sticky up in the forum?

    Now you might say "that sounds a little sniffy" but then you're not the guy who's just sat there and told someone else a variation of your comment and had to deal with their [quite loud] reply.

    :53975
  • 0

    Hello antihippy,

    sorry if I've told you what you already know (and which apparently evokes quite loud replies) - wasn't clear (at least to me) from your post. I've simply too many idle cycles at hand when waiting for other work to get finished :smileytongue:.

    Agreed, Sophos could explicitly state no variables in a path. A variable might not exist (or have an unexpected value) in the context of the accessing user (and it'd be a challenge to obtain it anyway) and SAVService runs a Local Service ...

    Unfortunately while you can export/import exclusions in SEC you can't export them from the local GUI (but perhaps you could generate them from a template?). And you need an additional group/policy for each absolute representation of a logically identical path.

    Christian   

    :53979
  • 0
    Hi,
    I' be been looking at the new Server beta in Sophos Cloud and that permits variables in exclusions. Based on the version of the Server client it looks like something that might be coming to the on premise version of sav at some point. Regards, Jak
    :54097