Sophos default exclusions, List?

Hello!

 

Is there a list of the default Sophos Endpoint AV exclusions (especially for Windows)?

 

I'm currently installing Sophos Endpoint on several clients (via Sophos Central) and I'm checking which additional exclusions I will need.

I'm aware of the "Recommended vendor exclusions for use with Sophos products (Windows)" (https://community.sophos.com/kb/en-us/35970), but certainly Sophos does already have some of these set. Especially the basic Windows exclusions.

 

Where can I find such a list?

 

Regards

 Sven

  • Hi  

    This article provides information on scanning exclusions for specific file types/folders or processes. If the exclusions need to be added globally, then that can be found under Global Settings in Central. You can apply exclusions either by creating a new policy or applying under the existing one for affected servers/machines. Other than the vendor exclusions list, we do not have any specific list for default exclusions.

  • In reply to Shweta:

    I was not asking how to define exclusions!

     

    You said "Other than vendor exclusions list, we do not have any specific list for default exclusions."

    But what does this mean?

    I want to see a list which shows all the default exclusions of Sophos AV.

    Does Sophos use all the entries in the vendor exclusion list by default? I do not understand this.

     

    As an example, Microsoft recommends excluding the following files:

       NTUser.pol,  Registry.pol,  Registry.tmp

    which belong to the Group-Policy mechanism of Windows.

    Most likely Sophos AV does already exclude these files by default. Otherwise Sophos AV could break the whole Windows system and/or Windows security mechanisms.

     

    Where can I find such a list?

     

    Regards

     Sven

  • In reply to Sven Anders:

    Hello Sven,

    there are, AFAIK, no predefined exclusions for desktop computers. Automatic exclusions (if the setting is enabled) are only applied to certain products.

    You are perhaps referring to articles like "Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows". Before I get to the mentioned examples, I read the following (emphases mine): may help an administrator determine the cause of potential instability. Then temporarily apply [...] to evaluate. And evaluate the risks, [...] take any appropriate additional steps to help protect [...] We do not recommend this workaround [...] Use this workaround at your own risk [...] Your system will be safer if you do not exclude any files or folders from scans.
    This is clearly not a call for proactive automatic exclusions, IMO the contrary.

    Christian