On-Premise Endpoint

Sophos Enterprise Console default on-access scan windows exclusions

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 11 replies
Subscribers 2 subscribers
Views 16914 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

default on-access scan windows exclusions

nikolaj over 7 years ago

Hello,

I would like to know if the exclusions in the picture below are put by default by Sophos or instead you must put it.

This thread was automatically locked due to age.

Parents

0 Haridoss Sreenivasan over 7 years ago

Hi nikolaj

Yes, the exclusions in the picture are there by default. In case you need to add any particular exclusion you could do that here.

Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 nikolaj over 7 years ago in reply to Haridoss Sreenivasan

So why in the "Default" policy under "Antivirus and HIPS", none of these entries exist?
Cancel
Vote Up 0 Vote Down

Cancel
0 jak over 7 years ago in reply to nikolaj

They are not default. Someone has chosen to add them to your policy.

Many of the entries on that list aren't scanned by default beyond checking they are not executable anyway.

I would remove them all and re-enable scanning of remote files.

Just follow the article I mention for any specific roles the computers that are using that AV policy.

*.jar is a concern as you excluding all .jar files from all locations on disk.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 7 years ago in reply to nikolaj

They are not default. Someone has chosen to add them to your policy.

Many of the entries on that list aren't scanned by default beyond checking they are not executable anyway.

I would remove them all and re-enable scanning of remote files.

Just follow the article I mention for any specific roles the computers that are using that AV policy.

*.jar is a concern as you excluding all .jar files from all locations on disk.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 nikolaj over 7 years ago in reply to jak

"scanning of remote files" means the shares for example?

.jar by default is scanned and is better leave this way?
Cancel
Vote Up 0 Vote Down

Cancel
+1 jak over 7 years ago in reply to nikolaj

Yes, scanning of a file, say opened by a local process on a remote file share. E.g. \\server\share\1.exe.

You would want to scan .jar files. The only reason you may not is if you had a specific Java application which was suffering performance issues. Even then, you would exclude files in a specifc location to minimize risk rather than all .jar files on the system. This might also follow submitting sample files to Support to see if there was a reason there was a performance issue scanning them.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel
0 nikolaj over 7 years ago in reply to jak

The only reason you may not is if you had a specific Java application which was suffering performance issues.

That is the case.

Even then, you would exclude files in a specifc location to minimize risk rather than all .jar files on the system.

I agree with you.
Cancel
Vote Up 0 Vote Down

Cancel