
Questions on Sophos Exceptions

Hello all,

I am new to this forum.

In looking at Endpoint Protection documentation I could not find some answers.

Currently running Endpoint 10.3 on both Windows 2003 and Windows 2012.

Also I am running in standalone mode here on specific servers.

Here are some questions.

1. When configuring Sophos exceptions, there are 2 places where I can configure. a) on-access b) on-demand and HIPS.

    I am configuring exceptions for Active Directory. I see in the on-demand section these settings are global and affect all scans.

    Does this mean I can configure in on-demand and this will also cover on-access scanning as well? Or do I need to configure both on-demand and on-access exclusions for this to work properly?

2. Lastly, where is the location of the exclusions list? I have read they are held in machine.xml, but after adding them I do not see them in the xml file. Is this the correct file or are exclusions kept elsewhere? I have a large number of similar servers to deploy exceptions to and want to be able to stage exceptions per server type. I realize that there may be steps on service shut down to do before replacing files, but wondered if this type of automation has been done and where exceptions are stored.

Any help is appreciated.

David. 



  • Hello David,

    well, you sure have a good reason for running (several of) them standalone (though what this could be evades me for the moment).
    Anyway,
    1. on-demand and on-access settings are independent
    2. are you thinking of copying machine.xml? While it no longer contains SID values it's still machine-specific so copying from one machine to another might have unwanted effects. This being an XML file you could replace/update specific tags though (after stopping savservice).

    Christian
    :46447
    1. On-access and on-demand are separate and have to be configured individually.
    2. Yep, in machine.xml...
      ...just make sure you add the exclusion and then save the change with the GUI (close it down).

    The supported method is to add via the GUI only, but that's not to say adding to the machine.xml direct wouldn't work - just that it's not designed that way, not been tested, and you're trail blazing. ;o)

    Hint:  The content of machine.xml is held in memory.  When the Sophos Anti-Virus service shuts down the copy of the memory is written back to machine.xml.  Hence stop the SAVService before changing the XML file (with the service running it's being read and written often).

  • Thanks. I am running standalone for now as this is a new environment. It will change later. Ideally you are correct that we should manage it through console but we are mirroring environments so we are not quite there.

    It's a bummer that exceptions are different, but so be it. Thanks for the input and help.
