Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 13981 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exceptions don't seem to work

snickered

I added several exceptions in the Sophos Home Dashboard that don't seem to be working.  

 

Then I downloaded the EquationGroupLeak-master.zip file to the /Users/.../DS directory, unzipped it and was greeted by 1 zillion alerts and 1 zillion threats cleaned!  I'd like to look at the code of the files in this .zip file.  I'm sure I'm not using exceptions correctly but Professor Google hasn't been good to me this morning.

How can I properly exempt files from being scanned?

Thanks in advanced!



This thread was automatically locked due to age.
Parents
  • 0

    Hello Steven Platt,

    one important piece of information is missing (unless I've overlooked it), namely the path reported in the detections. Most of the time (depends on the unzipper) unzipping involves the %TEMP% directory and the detections might have been there.

    Christian

  • 0 in reply to QC

    Nope.  I just added /tmp and /tmp/* then tried again and Sophos still found the threats.  Does the exclusions list just simply not work or what?

  • 0 in reply to snickered

    Hello snickered,

    usually (on Windows) it's not called /tmp. Is this indeed part of the path named in the detections? If you get them (and you normally should) it's best to base the exclusion on the path reported and not make guesses what might be the required exclusion. Could you post one or two detection messages?

    Christian

Reply
  • 0 in reply to snickered

    Hello snickered,

    usually (on Windows) it's not called /tmp. Is this indeed part of the path named in the detections? If you get them (and you normally should) it's best to base the exclusion on the path reported and not make guesses what might be the required exclusion. Could you post one or two detection messages?

    Christian

Children
  • 0 in reply to QC

    I guess I should have mentioned that I'm on a Mac.  Here's my exceptions list and a few detections for you.  All I'm doing is unzipping the NSA stuff recently released and unzipping it.  As soon as I do I get bombarded with detections.  The zip file is stored in /Users/myuser/DS/EquationGroupLeak-20170414.zip.  For the record, I'm doing cd /Users/myuser/DS, then unzip EquationGroupLeak-20170414.zip.

     

    It seems like the exceptions are just ignored!

  • 0 in reply to snickered

    Hello snickered,

    to exclude a folder (its and its subfolders contents) the excpetion must end with a / (i.e. /Users/..../DS/, ..DS/* excludes the files in DS and .../DS a file named DS). If your screenshots are complete (and my eyesight is within acceptable limits) you've missed just the format that's supposed to work.

    Christian

  • 0 in reply to QC

    That was it!  I didn't even google for the proper syntax.  I just needed a / at the end of my folder.  Thanks for the answer and the link!

Unfiltered HTML