Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 5871 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos on Domain Controllers - Server 2016

ericm272

Hi everyone,

After looking at the Sophos recommendations regarding deployment on DCs (link to Microsoft), I have a few questions that I can't find the answer to:

- Microsoft recommends only excluding certain files within directories. I know where to do this, but does Sophos support wildcards in the middle of strings? Ex: %windir%\Ntds\Res*.log

- Microsoft also suggests making sure the AV vendor is able to work well with FRS - I don't see Sophos in their list from 2017, although they do say they will not update it. Just want to make sure Sophos is good for this. We are using FRS across our DCs, so if files are marked as changed during a scan, this could be a big problem: support.microsoft.com/.../antivirus-backup-and-disk-optimization-programs-that-are-compatible-wi

Any general recommendations or lessons-learned anyone can share?

 

Eric



This thread was automatically locked due to age.
  • 0

    Hello Eric,

    Information on 10.6.4 explains the wildcards, I think Res*.log works but .log files aren't scanned anyway (and you can as well exclude *.log).

    Are you indeed talking about FRS (on 2016) and not DFS-R? marked as changed - I don't think that there's still an AV that does this (or lets it happen). With the "recommended" exclusions in effect there shouldn't be problems (and in most cases even without them).

    Christian

  • 0 in reply to QC

    Hi Christian, 

     

    Thanks for the quick reply! We are probably using DFS-R. I'm not in charge of that area but know we are replicating DCs. I see now FRS was deprecated, so I'm pretty confident it's not that. 

     

    I have incorporated the applicable Microsoft recommended exclusions, but had one more question. Does Sophos recognize the Windows path variables like %alluserprofiles% of do I need to create a more specific path? Also, are spaces okay or do I need to put the file path in quotes?

     

    Eric

  • 0 in reply to ericm272

    Hello Eric,

    please see Information on Sophos Endpoint Security and Control 10.6.3. Note that some (e.g. %Temp%) won't work for On-Access scanning.
    No quoting is needed (SEC will complain anyway). You can, BTW, use the savtst32.exe tool from the sec_5xx\tools\ folder to test your exclusions (path and filename can be set from the Drive menu item).

    Christian

Unfiltered HTML