default on-access scan windows exclusions

Hi nikolaj 

Yes, the exclusions in the picture are there by default. In case you need to add any particular exclusion you could do that here.

Where was this screenshot take from?

Is this from a Enterprise Console dialog or from the managed client?

I assume this is a SEC managed client?  

What version of SEC is it?

Regards,

Jak

It is from the Enterprise Console dialog.

If you create a new Anti-Virus and HIPS policy and look at the same config section, I assume none of these entries exist and scanning of remote files is also not disabled.

Regards,

Jak

I think the same Jack, in fact If I go to see the "Default" policy under "Antivirus and HIPS", I don't see anything under the windows exclusions.

Yeah, they have been added by someone with access to your SEC server, maybe a previous admin, they are not default.

If you need guidance regarding certain roles see:

https://community.sophos.com/kb/en-us/35970

Regards,

Jak

So why in the "Default" policy under "Antivirus and HIPS", none of these entries exist?

They are not default.  Someone has chosen to add them to your policy.

Many of the entries on that list aren't scanned by default beyond checking they are not executable anyway.

I would remove them all and re-enable scanning of remote files.  

Just follow the article I mention for any specific roles the computers that are using that AV policy.

*.jar is a concern as you excluding all .jar files from all locations on disk.

Regards,

Jak

 "scanning of remote files" means the shares for example?

.jar by default is scanned and is better leave this way?

Yes, scanning of a file, say opened by a local process on a remote file share.  E.g. \\server\share\1.exe.

You would want to scan .jar files.  The only reason you may not is if you had a specific Java application which was suffering performance issues.  Even then, you would exclude files in a specifc location to minimize risk rather than all .jar files on the system.  This might also follow submitting sample files to Support to see if there was a reason there was a performance issue scanning them.

Regards,

Jak