Variable Folder Exclusions in Settings

Hello Nathan,

dunno about SEM but are you sure it ever worked (i.e. you could enter them but they had no effect)? Having said this - why do you need these exclusions? What are the issues with your DMS (again, I doubt they ever took effect - variables are only available in the Cloud Server Protection)?

% is a valid (although very rarely used) symbol for a name and SEC balks at your examples because their syntax is incorrect, it would accept \%temp%\NetRight (note the leading backslash) though it wouldn't have the desired effect. IIRC there is an (undocumented) option to qualify a file exclusion (which is global) with a folder, i.e. NoScan\*.doc would exclude all files with the extension .doc when they are (directly) in a folder named NoScan regardless of the folders location in the file system.

Christian

Hi Christian, thanks for the reply. In regards to the DMS, their documentation specifies that we need to exclude certain folders within the c:\user\usersname\appdata\roaming\interwoven\ folder as well as the temp\netright folder.

I dont know why, but I do know that one of our AV solutions caused users to lose their changes sometimes when checking documents back into the DMS, due to these folders being scanned.

Possibly you are correct that the old Enterprise Console accepted these values but didnt actaully action anything, as we never had problems with Sophos and the DMS.

We are heading to VDI soon, and along with this folder redirection, so I want to get our AV solution up to scratch beforehand. This is just the first step.

Is there a way of excluding folder within the user profile folders in Sophos?

Thanks,
Nathan

Hello Nathan,

we need to exclude

basically a scan delays an open (or close) and thus should be transparent for an application as far as the application's logic is concerned. Problems usually arise when an application either employs some nifty access or makes unjustified assumptions about a file system's behaviour.

we never had problems

Likely there aren't any - scanners and how they implement "real-time" scanning have been improved over time and many reservations are no longer well-founded.

excluding folder

as said (I haven't tested it recently but it should be fairly easy to do) a "qualified" file exclusion should work for a specific folder (but this exclusion the applies to all file systems - you can't restrict such an exclusion to just C:\Users).You can't use the *.* pattern but you can use ?s in one part and * in the other.  

Christian

Did you ever find a solution to this? I am needing to do the same to our DMS and am running into issues.

Hi Sean, I was able to enter wildcards like the following into our Sophos: C:\Users\%USERNAME%\AppData\Local\Temp\NetRight\

However I'm not sure if it is actually working. I've opened a ticket with Sophos so hopefully they get back to me. As much as someone might be right saying "You dont need to do this", it doesnt change our vendors mind on the topic. I've struggled with this before, and have just come across it again. We reach the end of our support when we tell our DMS vendor "Sophos says it isn't necessary"....... they then tell us "well, we cant help you if your product doesnt support what we recommend."

Hopefully we come up with a solution to this....