This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deliberately NOT scan a certain folder and subfolders

Hi experts,


I have three physical servers and on each one is cluster storage on the root of C.  Each server does have the Sophos antivirus client on it.  What I need to do is ensure that the AV client NOT scan c:\ClusterStorage AND all its contents.

How can I do this?  Is there a way in the Sophos EC to exclude these directories?  If so, how?

Help!  Thanks!

Chris

PS.  I am on Enterprise Console 5.3.1.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Jak,

    Thanks for the reply, but...  Sorry, I don't know HOW to do this.  From the client?  Server?  How?  Where do I go?

    CB

  • If the computer are managed in Enterprise console, I suspect they are in a group.

    If you right click on the group you can find the name of the Sophos Anti-Virus policy that applies to the group.

    If you open that policy you want to:

    1. Click on Configure - to the right of 'Enable on access scanning'

    2. Click on the Windows Exclusions tab.

    3. Click Add, then choose Folder

    4. Enter the item name as:
    C:\ClusterStorage\

    Ensure to add the trailing slash.

    If you have any scheduled scans setup in the policy you can also add the directory for those.

  • Hi Jak,

    Well my goodness.  NO.  I only had one group, the default "Computers".  EVERYTHING is in there.  I've never used groups in the Sophos EC before.  And I only have on policy:  "Default".

    So I just created a new group called "Physical Host Servers".  I then duplicated the Anti-Virus and HIPS" policy, named that the same as the group name, and applied that to the new group (which, of course, I moved those 3 servers into).  Then I followed your instructions to add the folder exclusion.

    Sound like I did it right?

    But now there is a whole new can of worms I never even knew about...  Groups and Policy application!  What are best practices for different types of boxes?  By physical or virtual?  By OS?  I had NO idea how robust this could get.  The "Domain Controllers" group you see was NOT created by me, so I assume it is a Sophos default.  I have 3 DCs: one physical and 2 virtual.  They are all in the regular group using the default policies.  Is that bad?  Is there anything I should know about setting policies for DCs?  What about SQL servers?


    My goodness, I feel like I've discovered a whole new world (that I should have known about)!

    What do you advise?  THANKS!

    CB

  • Oh, forgot...

    You had previously mentioned "on-access" AND "on-demand" scanning, but it seems we have only dealt with "on-access" through the policy change?  What about the "on-demand"?  Thanks!

  • When I mentioned on-demand it was referring more to scheduled/user initiated rather than on-access.  

    Essentially if you have scheduled scans setup via policy you will want to make the exclusions are configured for those.  You can see the button - 'Extensions and Exclusions' on the first dialog when editing the Anti-Virus policy the applies to the group in SEC.  You want to add the same Windows exclusion there.

    Regards,

    Jak

  • Thank you, this was all very helpful.