
How to add an SQL Policy exception on the Sophos Enterprise Console?

Hi All,

Can anyone here please share some steps to implement the AV policy to exclude some SQL-related files?

I'm trying to set up the scan exclusion based on this Technote: https://support.microsoft.com/en-us/help/309422/how-to-choose-antivirus-software-to-run-on-computers-that-are-running but cannot find the steps in the Community forum.

Thanks in advance.



This thread was automatically locked due to age.
  • Hello System Engineer,

    First of all, please note that the exclusions are not an unconditional requirement (we don't use any exclusions for the SQL servers and don't have any problems related to scanning).
    Furthermore, all the Microsoft articles on the impact of AV are (naturally) to a certain extent ambivalent - sometimes leaning towards stressing the potential negative impact on performance and stability, other times underlining the increased security risk associated with exclusions. Then there's the famous "Processes to exclude from virus scanning" phrase - to my knowledge it has never been explained what this is supposed to mean: I suppose it's that file access by these processes shouldn't be intercepted (something that wasn't even available with most AV products when the phrase was coined), but it could also refer to in-memory scanning, process monitoring, or DLL loading.

    Sophos Central has the option to automatically apply "recommended" exclusions; this is not (yet) available for SEC though. The SEC Help describes how to specify exclusions; for more information please see Information on SESC 10.6.4 (note that Process exclusions, i.e. excluding files when they are accessed by a certain process, must be configured locally; setting via policy should be available with SEC 5.5.1).

    Christian
