
Can Sophos block specific file or folder?

Hi, I have a question regarding blocking files:

I would like to block read/write access to specific file and/or file type on Endpoints. Can Sophos do this? Seems Data Control can only do part of this job.

Thanks in advance.

:808


This thread was automatically locked due to age.
  • Hi,

    The data control policy doesn't currently provide this capability. If network file permissions aren't enough [puts on salesman hat] you may want to consider file-based encryption to provide an additional layer of security. The relevant Sophos products would be either PrivateCrypto or LanCrypt depending upon the level of key management required.

    http://www.sophos.com/products/enterprise/encryption/safeguard-lan-crypt/

    http://www.sophos.com/products/enterprise/encryption/safeguard-privatecrypto/ 

    Out of interest what type of files are you looking to protect?

    Best regards,

    John

    :809
  • Thanks for your answer. 

    Basically I want to block end users from accessing some files such as .mp3, .rmvb, etc. and also some other applications which are not in Sophos Application Control list.

    I have two additional questions:

    1) In Application Control, if I want to block an application which is not in Sophos list, is it possible? Seems it is not easy to do that.

    2) In HIPS and Anti-Virus policy, can I manually add some files as suspicious files?

    Thanks in advance.

    :1086
  • Hello LY

    The answers.

    1) No, but you can request that SophosLabs include new apps.

    2) No. 

    But the second option is interesting and appears to be whitelist/blacklist file control.

    Regards,

    Linck Tello Flores

    :1099
  • Hi,

    We are planning to add custom application control in a future release so it is on our roadmap. Obviously we'll also continue to extend the scope of the definitions provided by SophosLabs. There are significant updates coming for the media player (all the main P2P streaming apps) and encryption tool categories over the next couple of months. In the meantime requests for additional identities should be sent to appcontrol@sophos.com. Please also include a download link for the software you would like to see controlled.

    At the moment AV/HIPS doesn't allow you to manually add suspicious files. I would recommend sending a sample to SophosLabs: http://www.sophos.com/support/knowledgebase/article/51120.html

    Thanks,

    John

    :1126
  • Hi

    Apologies for digging up a two-year-old thread, but this is the first discussion that appears when I google for this... Which might already answer the following question, but here goes: Is custom application control available yet?

    We have a lot of .swf games doing the rounds on our network which can't be blocked with group policy, and Sophos is *really* close to being able to cover this for us with Application Control, except that we can't add our own defs. The supplied ones seem vague and potentially too all-encompassing ("flash game" for instance).

    We have sent samples to SophosLabs before and I got the distinct impression that writing defs for nuisance apps wasn't a priority... I never heard back once the sample was sent even though a support ticket had been raised for it.

    Have I missed an update or is this still 'on the roadmap'?

    Cheers

    Chris

    :25697
  • Hi Chris,

    With regard to custom application control: this is still a high priority item for Sophos because of the obvious use case which you describe. At present, there is no schedule for its development unfortunately, so I can't provide you with more details than that.

    Regarding SWF games: there is a technical issue why Sophos' Application Control cannot currently block such games. That is because our identities are written to identify characteristics of executables and block them. SWF files in themselves are not executable; rather, they run via a Flash-enabled program (Internet browser etc.). This means that we cannot block them (at present at least).

    Regarding further applications that you submit, Sophos will look at and consider all application requests. If you'd like to follow up on your case, just reply to the support email that you were sent with the case ID listed in the subject line.

    Many thanks,

    DK

    :25705
  • We had real hopes that you would include the custom application control 2 years ago. This is one of our gripes for a long time since we've been using Sophos to prevent nuisance applications. The problem with us submitting the application is that it might be a nuisance for us but not for other users, and could potentially create problems with you blocking it suddenly.

    We've been using Sophos enterprise for at least 5 years now and we hope we don't have to drop it for another product because of a feature that can be found in almost any other enterprise AV software.

    :29267
  • I would like to point out it is now April of 2016, and this feature is still missing from Sophos Endpoint, while practically every competing AV product has this functionality.

    #Outdated #Abandonware

  • Will this feature be implemented in application control?  I need to block certain files being executed/opened/saved.

  • Did Sophos developers find any solutions for file execution prevention through Endpoint protection? We have been waiting a long time for the experts to invent these things.