Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 5675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Perform Exclusion (psexec.exe) for multiple endpoint devices without Sophos Enterprise Console

Alex Lim

I have more than 50 endpoints consists of desktops and laptops. I want to perform an exclusion for this file (psexec.exe ) to all these endpoints .However, i do not have enterprise console to perform a centralized management for all the devices. Is there a method or approach on how to exclude this file without having to login and use the enterprise console. 

 

Appreciate your reply soonest possible. 



This thread was automatically locked due to age.
  • 0

    Hello Alex Lim,

    50 endpoints and no management? And all (manually) configured to update directly from Sophos?

    AFAIK there's no supported CLI to make exclusions. It is possible though to make the desired changes to machine.xml (when the AV service is stopped). The other part of the challenge is to perform it (reliably) on all endpoints.

    Christian 

  • 0 in reply to QC

    Hi Christian,

    For your information, all existing endpoint devices (desktop/laptops) are manually configure and updated from Sophos.

    As you mentioned, the machine.xml configuration file can be change, however is there a user guide to show how and which syntax/code need to change?

     

    Alex Lim 

  • 0 in reply to Alex Lim

    Hello Alex Lim,

    [I'm not Sophos]
    there's no guide, this is undocumented and in particular unsupported.
    Make a copy of machine.xml, set the desired exclusions with the GUI, and compare the files. For a file exclusion  the partial path in the XML is <onAccessScan><TDE><processors><item itemName="FileExclusions"><settings><exclusionList>. As machine.xml contains - not surprisingly - machine-specific information (e.g. the initial install date) you'd have to insert the required items in the correct place. Might be fun to implement this, question is whether it's worth the effort.

    BTW- why no management?

    Christian

Unfiltered HTML