
Importing and Exporting File Exclusions in Central

Hello,

I'm missing the possibility to import and export definitions in Central.

Is this just hidden to me or does this feature still not exist?

There is a FR from 2017 on this.

https://ideas.sophos.com/forums/428821-sophos-central/suggestions/17775037-central-cloud-exclusions-export-import

Vendors like Trend Micro, for example, allow adding more than one object by using defined delimiters between the paths.

e.g. %ProgramFiles(x86)%\ProgramA\a.exe; %ProgramFiles(x86)%\ProgramB\b.exe; ...

It's really not a nice task to add them all one by one by hand if you have many exclusions, and some day I may need to export all this to another policy: same again. A real pain and lack of functionality.



This thread was automatically locked due to age.
  • I'm curious to know what these exclusions might be and if they are all genuinely required?

    I can think of one way to add multiple exclusions by calling the API directly rather than using the browser. For example, if you were creating a new threat protection policy, called Test, then go to the exclusions page and enter a couple of example exclusions, but don't save it. Then bring up the Dev tools of the browser, switch to the network view, choose XHR as a filter and click save. You should see a PUT request to an API such as https://dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com/api/v1/policies/601070f265b5b93569f41267

    This PUT request can then be converted to a PowerShell command, for example by right-clicking on the request, choosing Copy and then Copy as PowerShell. Paste this into PowerShell ISE or a text editor of choice, add the additional exclusions to the body, following the test ones as a guide, and then execute the PS. This will "put" the new policy. You can then refresh the UI to see it has been added.

    Hope it helps.

  •  Thank you for your tip!

    This is really a way to work around the missing export import feature. But it's ugly!

    I tested it with Firefox and could create a new policy with a preset of exclusions. In Firefox I didn't notice an "export as PowerShell" feature, but I could choose "edit and send again"

    ["B:\\testB\\b\\","C:\\test\\","A:\\testA\\","F:\\testF\\\\F\\","C:\\test\\testitagain\\"]

    by adding more exclusions in the text values on the right side of the dev tools.

    "what these exclusions might be and if they are all genuinely required?"

    Well, Microsoft for example requires exceptions for many server products to have a supported environment.

  • This is an awesome "hack" to do bulk exclusions. You could also hit the API directly as defined in the developer docs. Endpoint API | Sophos Central APIs
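Added example, not part of any post in this thread: a PowerShell helper that turns a delimiter-separated exclusion list (the format the original post quotes) into a JSON array shaped like the one shown in the second reply, ready to paste into the captured request body. The function name, the constructed sample entries and the review rules are assumptions made for illustration; the thread does not show the full request body, so the script stops at producing the array.

```powershell
# Added example (hypothetical helper, not Sophos code).
# Converts "path1; path2; ..." into a JSON array and flags broad entries for review.
function ConvertTo-ExclusionArray {
    param(
        [Parameter(Mandatory)] [string] $List,
        [string] $Delimiter = ';'
    )
    # Case-insensitive set, because Windows paths are case-insensitive.
    $seen  = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $paths = [System.Collections.Generic.List[string]]::new()

    foreach ($raw in ($List -split [regex]::Escape($Delimiter))) {
        $p = $raw.Trim().Trim('"')
        if (-not $p)            { continue }   # skip empty segments (trailing delimiter)
        if (-not $seen.Add($p)) { continue }   # skip duplicates
        $paths.Add($p)
    }

    # Assumed review rules: entries that exclude far more than one product needs.
    $warnings = foreach ($p in $paths) {
        if     ($p -match '^[A-Za-z]:\\?$') { "drive root: $p" }
        elseif ($p -match '[*?]')           { "wildcard: $p" }
        elseif ($p -match '%(TEMP|TMP|APPDATA|LOCALAPPDATA)%|\\Users\\') {
            "user-writable location: $p"
        }
    }

    [pscustomobject]@{
        Paths    = @($paths)
        # ConvertTo-Json escapes each backslash as \\, as in the array in the reply.
        Json     = ConvertTo-Json -InputObject @($paths) -Compress
        Warnings = @($warnings)
    }
}

# First two entries are the ones quoted in the original post; the rest are constructed.
$sample = '%ProgramFiles(x86)%\ProgramA\a.exe; %ProgramFiles(x86)%\ProgramB\b.exe; ' +
          'C:\test\; c:\TEST\; C:\; %TEMP%\build\'

$result = ConvertTo-ExclusionArray -List $sample
$result.Json        # paste into the exclusions array of the captured request body
$result.Warnings    # entries to justify before sending the request
```

Keeping the delimiter-separated list in a text file under version control also gives the export the thread asks for: the same list can be converted again for another policy.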
