Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 17069 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Exclusions for User Folders

Nick_SVRMC

Hi,

I've been looking for a solid answer on how to do this and everything I'm finding seems like it isn't possible. I have a vendor application that has a requirement to exclude the following path:

"C:\Users\<Windows USER_ID> \AppData\Roaming\Nuance\"

Since building this exclusion for every single user we have is just out of the question. Is there away to setup an exclusion variable for that path that will work?

Thanks,

NICK



This thread was automatically locked due to age.
  • 0

    Hi,

    I know that more recently the endpoint software has started to accept such exclusions at least for the server version of SAV as managed by Sophos Central.

    http://docs.sophos.com/sophos-cloud/customer-dashboard/help/en-us/webhelp/index.htm#concepts/ExclusionsVariables.htm#concept_dxh_vsf_pp

    I believe the new on-access driver and service capable of such exclusions is coming to the regular endpoint line in 10.6.4.  Maybe one to confirm with Support but it should be soon.

    The other question would be what under the "Nuance" directory are you trying to exclude, is it some form of 'database' file that is constantly being changed and hence may need to be repeatedly scanned?  I'm always a little sceptical about third-party software vendors recommendation and understanding of exclusions.  What are they guarding against?  Performance issues? Is there a public article recommending this, does it say why? Maybe the issue they have seen in the past which gave rise to the article was with one particular product in a particular scanning configuration, i.e. scan all files and scan inside archives.  Have you witnessed an issue without an exclusion?

    I can understand the use case of a piece of software which expects to receive malware samples and there is a directory to exclude to prevent detections.  This is more common for gateway products.  I can also understand software such as Metasploit where you might have detectable sample files in a directory.

    Regards,

    Jak

  • 0 in reply to jak

    Jak,

    There is a support document that Nuance provided saying to exclude this folder I don't have access to it right now, but the reason that the vendor says to exclude it that they claim scanning affects the performance of the Dragon Dictation Software. The Nuance folder stored in the users appdata folder is where Dragon will download their "voice profile" each time the log in to use the software. It will then upload any changes to the "voice profile" that may have been made when they are finished using the software. According to Nuance, when active scanning is being done it affects the performance of the software. 

    Since this folder was excluded with our last AV software and we are still in the build phase of getting Sophos Endpoint setup I haven't ever seen this be an issue.

    Basically I was given a bunch of different support documents for all of the different software being used here and told to add all the recommend exclusions for AV scanning into Sophos Endpoint as part of our build phase. I'm not even sure if all these exclusion settings apply to Sophos endpoint or not.

  • 0
    VariableWindows 7 or later, Windows Server 2008 or laterWindows Server 2003, Windows XP, Windows Vista
    %allusersprofile%\ C:\ProgramData\ C:\Documents and Settings\All Users\
    %appdata%\ C:\Users\*\AppData\Roaming\

    Note: Does not work for on-access scanning.    		 C:\Documents and Settings\*\Application Data\

    Note: Does not work for on-access scanning.
    %commonprogramfiles%\  C:\Program Files\Common Files\ C:\Program Files\Common Files\
    %commonprogramfiles(x86)%\ C:\Program Files (x86)\Common Files\ C:\Program Files (x86)\Common Files\
    %localappdata%\ C:\Users\*\AppData\Local\

    Note: Does not work for on-access scanning.    		 C:\Documents and Settings\*\Local Settings\Application Data\

    Note: Does not work for on-access scanning.
    %programdata%\ C:\ProgramData\ C:\Documents and Settings\All Users\Application Data\
    %programfiles%\ C:\Program Files\ C:\Program Files\
    %programfiles(x86)%\ C:\Program Files (x86)\ C:\Program Files (x86)\
    %systemdrive%\ C: C:
    %systemroot%\ C:\Windows\ C:\Windows\
    %temp%\ or %tmp%\ C:\Users\*\AppData\Local\Temp\

    Note: Does not work for on-access scanning.    		 C:\Documents and Settings\*\Local Settings\Temp\

    Note: Does not work for on-access scanning.
    %userprofile%\ C:\Users\*\

    Note: Does not work for on-access scanning.    		 C:\Documents and Settings\*\

    Note: Does not work for on-access scanning.
    %windir%\ C:\Windows\ C:\Windows\

    From KBA - 123467

    I hope it helps.

  • 0 in reply to Vikas

    It looks like I am going to need to update our software for this to work, but this is what I was looking for.

Unfiltered HTML