Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 12149 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AV Exclusions via Wild Card

LoXodonte

I'm trying to exclude XSN forms downloaded through our intranet from Sophos Scans. First I assumed that anything on the intranet should not be scanned, but to be safe I thought it might be best to create an exclusion, but adding FORM*.xsn is not allowed.

Is it not possible to have wildcards to match the first characters of a file name? We don't want to exclude all XSN forms, just the forms that meet a specific naming convention.

:55851


This thread was automatically locked due to age.
Parents
  • 0

    Hello LoXodonte,

    was still being scanned

    how did you find out? Because you received an alert, or?

    first by Web On access scanning, then by On access ...

    what is Web On access scanning? And again, how did you find out? I'm asking because exclusions are perhaps not the optimal response to the actual issue. If you mean Download scanning it inspects part of the data before passing it on to the browser - exclusions don't apply here. As you didn't say what the issue is I can only speculate. Either Download scanning results in a browser hang or similar issue, or it block the form - in both cases on-access exclusions won't help (and there wouldn't be a then by On access).

    Anyway, the ?-pattern is supposed to work (I've just tried with SavTest32.exe from the SEC installer \Tools subdirectory using the exclusion eic???.com and the test failed as expected).

    Christian         

    :55994
Reply
  • 0

    Hello LoXodonte,

    was still being scanned

    how did you find out? Because you received an alert, or?

    first by Web On access scanning, then by On access ...

    what is Web On access scanning? And again, how did you find out? I'm asking because exclusions are perhaps not the optimal response to the actual issue. If you mean Download scanning it inspects part of the data before passing it on to the browser - exclusions don't apply here. As you didn't say what the issue is I can only speculate. Either Download scanning results in a browser hang or similar issue, or it block the form - in both cases on-access exclusions won't help (and there wouldn't be a then by On access).

    Anyway, the ?-pattern is supposed to work (I've just tried with SavTest32.exe from the SEC installer \Tools subdirectory using the exclusion eic???.com and the test failed as expected).

    Christian         

    :55994
Children
No Data