Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 12378 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclude Process, the regkey still working ?

SylvainJEANNE

Hi,


I saw on other topics that we can exclude process for the realtime scan (many like https://community.sophos.com/products/endpoint-security-control/f/3/p/4011/9339)
.

I tried to do the same, with 2 basics process : notepad.exe and savtst32.exe

But it still scanning :(

Here, my regkey :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess]
"ExcludedProcess0"="notepad.exe"
"ExcludedProcess1"="savtst32.exe"

Context : Sophos Endpoint Security and Control, version 10.6.3.537

Have you an idea plz?



This thread was automatically locked due to age.
Parents
  • 0

    I think you can make process exclusions in the SAV UI as of 10.6.3. Isn't process a new entry in the drop down? It doesn't set the registry keys but in the config file.

    The registry key should still work.  The driver has to be reloaded to read the keys, so either restart or do:


    net stop savservice

    net stop savonaccess

    net start savonaccess

    net start savservice

    You can certainly do them with Central managed server.



    Regards,
    Jak

Reply
  • 0

    I think you can make process exclusions in the SAV UI as of 10.6.3. Isn't process a new entry in the drop down? It doesn't set the registry keys but in the config file.

    The registry key should still work.  The driver has to be reloaded to read the keys, so either restart or do:


    net stop savservice

    net stop savonaccess

    net start savonaccess

    net start savservice

    You can certainly do them with Central managed server.



    Regards,
    Jak

Children
  • 0 in reply to jak

    I'm experiencing the same issue (with 10-6-3-VE3-64-3). New process exclusions via registry do not work (tested incl. reboot). The same for new process exclusions via the new drop-down in SAV UI (tested with net stop/start savservice&savonaccess only). I am not yet sure if existing exclusions via registry still work or not (as my backup jobs do not show a significant droip in performance)

    Regards

    Thomas

  • 0 in reply to ThomasScholz

    Hello all,

    on-premise SESC honours the values (both Value Name and Data are case sensitive), no drop-down (tested and seen on Win7 and W2k8). @Thomas: are you using the On-Premise or the Cloud product?

    Christian

  • 0 in reply to QC

    Hi,

    I am using the on-premise product (Enterprise Console v5.3.1). And yes, all registry entries are case-sensitive.

    BTW: I have opened a support call for this issue


    Regards

    Thomas

Unfiltered HTML