Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 11961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allowing users to add scanning exclusions?

tsachen

We are running Sophos Anti-Virus 9.1.8 for Mac, on OS 10.9.5.  We are looking for a way to setup a policy to allow our more advanced users to manipulate items in the quarantine, and I really have 2 main questions:

1.) Is it possible for a user to release something from the quarantine?  The least restrictive option I can find in the policy GUI is "deny access only", which still prevents the user from marking the item as safe.

2.) Is it possible to allow users to create their own custom exclusions?  We have found that this works if the user has the Tamper Protection password, but we'd prefer not to give them that as it would also allow them to stop the service completely or uninstall it.

Has anyone run into a situation like this or have any suggestions for best practice around this?

:55475


This thread was automatically locked due to age.
Parents
  • 0

    Hello tsachen,

    [users may ] create their own custom exclusions ... Tamper Protection [enabled]

    IMO this is (more than) somewhat contradictory - as you can effectively exclude everything so you might as well permit them to disable or uninstall the software.

    marking the item as safe

    Well, Macs don't (yet) scan for Adware and PUAs or feature Application Control where Authorization would apply thus marking the item as safe is not available and they'd have to be excluded. More important - rating a detected item as safe would be second-guessing the Labs - if you're sure your users can rightly do so they must be more than more, they must be pretty advanced :smileytongue:. Seriously - there'll always be false positives but the proper way to deal with them is to submit them to the Labs (and I wouldn't even temporarily exclude an item before it's confirmed as being clean).

    Do you also allow some of your Windows users to mark an item as safe? If not, what makes Mac users different?  

    Christian 

    :55489
Reply
  • 0

    Hello tsachen,

    [users may ] create their own custom exclusions ... Tamper Protection [enabled]

    IMO this is (more than) somewhat contradictory - as you can effectively exclude everything so you might as well permit them to disable or uninstall the software.

    marking the item as safe

    Well, Macs don't (yet) scan for Adware and PUAs or feature Application Control where Authorization would apply thus marking the item as safe is not available and they'd have to be excluded. More important - rating a detected item as safe would be second-guessing the Labs - if you're sure your users can rightly do so they must be more than more, they must be pretty advanced :smileytongue:. Seriously - there'll always be false positives but the proper way to deal with them is to submit them to the Labs (and I wouldn't even temporarily exclude an item before it's confirmed as being clean).

    Do you also allow some of your Windows users to mark an item as safe? If not, what makes Mac users different?  

    Christian 

    :55489
Children
No Data