This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filescanner exceptions for network drives

We need to exclude some files from Sophos File Scanner on network drives.

Lets say we have mapped drive N:\ with \\server1\share1

I tested access and logged with procmon and SFS debug logs, what is scanned, when opening N:\file1

I can see \\server1\share1\file1 logged in procmon and Sophosfilescanner.log

2024-05-04T15:19:23.715Z [11524: 7816] D Scan request: {"correlationId":"C47BB7C4-E9DA-4C4A-810A-033A0D5F4E73","path":"\\\\server1\\share1\\file1","requestType":"Scan","saviProperties":null,"scanConfig":"Default","scanId":{"!uint64":"2001136983723857931"},"size":{"!uint64":"112405"},"timeout":"30000"}

So I created the Sophos exception for \\server1\share1\file1 and found it was still scanned by SFS.

When I open the file not using drive N:\ but UNC path \\server1\share1\file1 directly, it is not scanned by SFS.

When I create the exception for N:\file1 it is not scanned by SFS.

Unfortunately this way is a bit insecure because you cannot say that drive N is the network share. It may also be some USB drive attached or an other mounted network drive to \\server200\share2

We would also not want the users to access their resources only by UNC path.

Is there a good way to make Sophos Endpoint able to understand UNC path exceptions for network drives?



This thread was automatically locked due to age.
Parents Reply Children