MS SQL Process exclusions

Hi GaylaAlderette,

I am guessing by the "8.3 rule" you are referring to the https://community.sophos.com/kb/en-us/13045  

You may need to add the short name and long names IF you have filenames or folder names longer than 11 characters. In this case adding both path formats, would ensure you have the file or folder excluded in all scenarios. The short file name/path option is there to maintain backward-compatibility with legacy applications.

Yes, you are correct, you need to put in full path (with or without the drive letter or network share name ). Variables ? and * can be used only in a filename or extension.

More info on this here: https://sophserv.sophos.com/repo_kb/helpforkba/Endpoint-Security-and-Control/Version-10-3/Help/Eng/KBA/references/Specifying_excluded_items.html#referenceId

Here is the official KB with details on vendor exclusions: https://www.sophos.com/support/knowledgebase/35970.aspx 

Let us know if you had any other questions.

Cheers,

Voicu

Hi GaylaAlderette,

I am guessing by the "8.3 rule" you are referring to the https://community.sophos.com/kb/en-us/13045  

You may need to add the short name and long names IF you have filenames or folder names longer than 11 characters. In this case adding both path formats, would ensure you have the file or folder excluded in all scenarios. The short file name/path option is there to maintain backward-compatibility with legacy applications.

Yes, you are correct, you need to put in full path (with or without the drive letter or network share name ). Variables ? and * can be used only in a filename or extension.

More info on this here: https://sophserv.sophos.com/repo_kb/helpforkba/Endpoint-Security-and-Control/Version-10-3/Help/Eng/KBA/references/Specifying_excluded_items.html#referenceId

Here is the official KB with details on vendor exclusions: https://www.sophos.com/support/knowledgebase/35970.aspx 

Let us know if you had any other questions.

Cheers,

Voicu

Thanks Voicu,

I have explored the links you suggested and that was why the questions.

A couple more questions if you don't mind.  Since this has been delegated (creating new lists) to me and I am very new to this platform.  I have seen in our current exclusions this format.  That is why I have been trying to read as much as possible.  The group wants to get granular with exclusions down to our vendor apps not just Microsoft platforms and apply accordingly instead of globally to all.

In our exclusions currently I see the backslash with program files:

\%program files%\Microsoft SQL Server\MSASX.X\OLAP\Backup\

Is this an incorrect format according to your directions above.  It has to be a drive letter or network share?

Also I see this as an exclusion:

%systemdrive%\System Volume Information\DFSR\$db_normal$

With the $ sign.  I cannot find any documentation on this.  Is this a proper format?  Active directory and DC exclusions seem to be tricky so I want to be as precise as possible.  I have read and other vendors seem to have more flexibility in some of these wildcard areas.

We don't have any legacy systems as far as I know, I will verify, so I may not have to worry about the 8.3 rule then - correct?  We are mostly a VMware environment.  Tried Vsheild but it did not go well from what I understand with performance issues.

Thanks again for your support.  Look forward to your response.

Cheers!

Have been looking at MS exclusions and keep looking for instructions and would like to add to the above post.  Sorry!

When you have this

Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\Ntfrs*.*

What is the proper format in Windows exclusions with underscores and * in file names.

When MS suggests to exclude:

Group Policy client settings files. These files are located in the following folder:

Specifically, exclude the following file:

Hi Gayla,

Environmental variables are not supported as SEC exclusions. 

$ in the end of a share indicates a hidden/administrative share.

Please see the link specified before on the wildcards usage and other details on exclusions.

Cheers,

Voicu.