This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclusion of OneDrive / Dropbox

Good Morning,

what would be the best way to exclude OneDrive and Drop Box from scanning?

There are Environment Variables OneDrive and OneDriveCommercial which Point to the users drive. They seem not to be supported.

According to only some variables are supported.

How do I exclude

OneDrive=C:\Users\<Username>\OneDrive - <Companyname>
OneDriveCommercial=C:\Users\<Username>\OneDrive - <Companyname>

Where <username> is the name of the user.

How do I handle Dropbox?

How do I prevent Sophos AV to download "synbolic links" in these drives and prevent my computer to be flooded with files from the cloud?

Best regards,


This thread was automatically locked due to age.
  • Hi Bernd,

    Firstly, I'd check you're happy to exclude these locations, but I'll leave that decision up to you :)

    Following the linked article, you can use the %User profile% variable, which will match anything in C:\Users\*.

    Therefore, if you wanted to exclude files from:

    OneDrive=C:\Users\JohnRambo\OneDrive - CupCakeCompany
    OneDriveCommercial=C:\Users\KyleReese\OneDrive - SecurityCompany

    You would just use

    OneDrive=%User profile%\OneDrive - CupCakeCompany
    OneDriveCommercial=%User profile%\OneDrive - SecurityCompany

    You can do exactly the same with DropBox. The default Dropbox folder is located at C:\Users\username\ so you can just use %User profile%.

    Again, if you wanted to exclude C:\Users\EllenRipley\DropboxForWeylandYutani you would just use the exclusion %User profile%\DropboxForWeylandYutani.

    Hope that helps!

    Best regards,

    Data Encryption
    Global Escalations Team

  • Hi, thanks for your help.


    Just to clarify - the wish to exclude this came from the fact that a full scan follows "symbolic links" and downloads the files in the OneDrive even if they are meant to stay in the cloud.

    Need to exclude completely, exclude except for on access scan or find another way that prevents Sophos to follow "symbolic links" to cloud content.