Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 16 subscribers
  • Views 3517 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Exclusion Questions

Lance Boon

According to Sophos KB-000035264  support.sophos.com/.../KB-000035264 it states the following "By default, Sophos Central automatically uses vendor-recommended exclusions for certain widely-used applications. You can also set up your own exclusions in your policy." I have servers that should be detected and added in their vendor-recommended exclusions as they are on the list. If I go to Overview > Devices > Servers and then click on the server  and then go to Exclusions. If  filter to the Exclusions added automatically I don't see anything in there. If I go to All Exclusions then I do see the list that I added in there. 

1. If you add Global exclusions does that prevent the auto added exclusions from happening?

2. If those auto added exclusions don't appear in there then do I manually have to add them?

3. Is there a way to import an exclusion list rather than manually having to do every single one?

Thanks



This thread was automatically locked due to age.
  • 0

    Hi There, 

    Thank you for reaching us, Can you share with us what product are you currently using on your server was it SQL or Citrix? are you observing this to only one server or more servers? In addition to this, there’s an issue related to the recommended vendor exclusion which is not showing a few months back but it's already been sorted out. So I would also like to ask If you could create a case as well then collect the SDU logs on the server in question and share it with me through DM. Share as well your Central license and enable the remote assistance to it for us to further check this issue. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Glenn,

    I am running into this on SQL, Exchange, and Citrix, not a single one of those servers are showing anything under the auto added exclusions. Currently using intercept x for servers/endpoints I have a case open but the response I received from support was "It gets added if Machine Learning detects it and adds the exclusions, however it is possible that they don't get added automatically. Since you don't see them in there, it was not added automatically." 

  • 0 in reply to Lance Boon

    Thank you Lance for sharing the info, allow me to further validate the SDU and get back to you. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Lance Boon

    C:\ProgramData\Sophos\Endpoint Defense\Logs\sam.log might be interesting to look at.

  • 0 in reply to Sophos User930

    As advised by our Sr. Engineer on the case that you've provided.  It's been mentioned there that, When Sophos is on the device, our product will look into the registry for specific components for these servers.
    Just installing SQL for example does not trigger an automatic addition to the exclusions.
    Some components of SQL will create registry keys, which if Sophos sees, will go "ah, here's a thing that requires this specific exclusion!" and will then automatically create the related exclusion. If these SQL components are never installed, then Sophos won’t create any exclusion

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML