We need to exclude some files from Sophos File Scanner on network drives.
Lets say we have mapped drive N:\ with \\server1\share1
I tested access and logged with procmon and SFS debug logs, what is scanned, when opening N:\file1
I can see \\server1\share1\file1 logged in procmon and Sophosfilescanner.log
2024-05-04T15:19:23.715Z [11524: 7816] D Scan request: {"correlationId":"C47BB7C4-E9DA-4C4A-810A-033A0D5F4E73","path":"\\\\server1\\share1\\file1","requestType":"Scan","saviProperties":null,"scanConfig":"Default","scanId":{"!uint64":"2001136983723857931"},"size":{"!uint64":"112405"},"timeout":"30000"}
So I created the Sophos exception for \\server1\share1\file1 and found it was still scanned by SFS.
When I open the file not using drive N:\ but UNC path \\server1\share1\file1 directly, it is not scanned by SFS.
When I create the exception for N:\file1 it is not scanned by SFS.
Unfortunately this way is a bit insecure because you cannot say that drive N is the network share. It may also be some USB drive attached or an other mounted network drive to \\server200\share2
We would also not want the users to access their resources only by UNC path.
Is there a good way to make Sophos Endpoint able to understand UNC path exceptions for network drives?
EP version screenshot added
[bearbeitet von: LHerzog um 4:16 PM (GMT -7) am 6 May 2024]