Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 15 subscribers
  • Views 3101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Importing and Exporting File Exclusions in Central

LHerzog

Hello,

I'm missing the possibility to import and export definitions in Central.

Is this just hidden to me or does this feature still not exist?

There is a FR from 2017 on this.

https://ideas.sophos.com/forums/428821-sophos-central/suggestions/17775037-central-cloud-exclusions-export-import

Vendors like Trend Micro for example allow adding more than one object by using definded delimeters between the paths.

e.g. %ProgramFiles(x86)%\ProgramA\a.exe; %ProgramFiles(x86)%\ProgramB\b.exe; ...

It's really no nice task to add all one by one from hand  if you have many exclusions - and some day I may need to export all this to an other policy - same again. A real pain and lack of functionality.



This thread was automatically locked due to age.
Parents
  • 0

    I'm curious to know what these exclusions might be and if they are all genuinely required?

    I can think of one way to add multiple exclusions by calling the API directly rather than using the browser.  For example, if you were creating a new threat protection policy, called Test, then go to the exclusions page and enter a couple of example exclusions, but don't save it.  Then bring up the Dev tools of the browser, switch to the network view, choose XHR as a filter and click save, You should see a PUT request to an API such as https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/v1/policies/601070f265b5b93569f41267 

    This put request can then be converted to a PowerShell command for example by right clicking on the request, choose Copy and then Copy as PowerShell.  Paste this into Powershell ISE or a text editor of choice, add the additional exclusions to the body, following the test ones as a guide and then execute the PS.  This will "put" the new policy.  You can then refresh the UI to see it has been added.

    Hope it helps.

Reply
  • 0

    I'm curious to know what these exclusions might be and if they are all genuinely required?

    I can think of one way to add multiple exclusions by calling the API directly rather than using the browser.  For example, if you were creating a new threat protection policy, called Test, then go to the exclusions page and enter a couple of example exclusions, but don't save it.  Then bring up the Dev tools of the browser, switch to the network view, choose XHR as a filter and click save, You should see a PUT request to an API such as https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/v1/policies/601070f265b5b93569f41267 

    This put request can then be converted to a PowerShell command for example by right clicking on the request, choose Copy and then Copy as PowerShell.  Paste this into Powershell ISE or a text editor of choice, add the additional exclusions to the body, following the test ones as a guide and then execute the PS.  This will "put" the new policy.  You can then refresh the UI to see it has been added.

    Hope it helps.

Children
Unfiltered HTML