According to Sophos KB-000035264 support.sophos.com/.../KB-000035264 it states the following "By default, Sophos Central automatically uses vendor-recommended exclusions for certain widely-used applications. You can also set up your own exclusions in your policy." I have servers that should be detected and added in their vendor-recommended exclusions as they are on the list. If I go to Overview > Devices > Servers and then click on the server and then go to Exclusions. If filter to the Exclusions added automatically I don't see anything in there. If I go to All Exclusions then I do see the list that I added in there.
1. If you add Global exclusions does that prevent the auto added exclusions from happening?
2. If those auto added exclusions don't appear in there then do I manually have to add them?
3. Is there a way to import an exclusion list rather than manually having to do every single one?
I am running into this on SQL, Exchange, and Citrix, not a single one of those servers are showing anything under the auto added exclusions. Currently using intercept x for servers/endpoints I have a case open but the response I received from support was "It gets added if Machine Learning detects it and adds the exclusions, however it is possible that they don't get added automatically. Since you don't see them in there, it was not added automatically."
C:\ProgramData\Sophos\Endpoint Defense\Logs\sam.log might be interesting to look at.
As advised by our Sr. Engineer on the case that you've provided. It's been mentioned there that, When Sophos is on the device, our product will look into the registry for specific components for these servers.Just installing SQL for example does not trigger an automatic addition to the exclusions.Some components of SQL will create registry keys, which if Sophos sees, will go "ah, here's a thing that requires this specific exclusion!" and will then automatically create the related exclusion. If these SQL components are never installed, then Sophos won’t create any exclusion