
Allowing users to add scanning exclusions?

We are running Sophos Anti-Virus 9.1.8 for Mac, on OS 10.9.5. We are looking for a way to set up a policy to allow our more advanced users to manipulate items in the quarantine, and I really have 2 main questions:

1.) Is it possible for a user to release something from the quarantine?  The least restrictive option I can find in the policy GUI is "deny access only", which still prevents the user from marking the item as safe.

2.) Is it possible to allow users to create their own custom exclusions?  We have found that this works if the user has the Tamper Protection password, but we'd prefer not to give them that as it would also allow them to stop the service completely or uninstall it.

Has anyone run into a situation like this or have any suggestions for best practice around this?



This thread was automatically locked due to age.
  • Thanks for your reply, that helps confirm that what we are trying to do isn't available currently.

    As for the why, the teams in question are white hat hackers, pentesters, and malware researchers. There are plenty of hacking-related tools that can be used for legitimate purposes but that Sophos flags as dangerous or suspicious (e.g., Metasploit, etc.). We were looking to keep the machines still protected at a basic level while allowing the users to un-quarantine false positives, or, in some cases, samples that need to be researched.
