Is it possible to import exclusions into a policy. Now it's a big typing and copy past session to update several policies with new exclusions when necessary.
Thanks, Ernst
This thread was automatically locked due to age.
Hello Ernst,
I assume you are talking about On-Access scanning exclusions. Save for database hacking there isn't. As exclusions should be used with consideration and generally avoided an update should seldom be necessary. Furthermore having a number of AV policies with different sets of exclusions would be a pain to maintain anyway. May I ask why you need them (assuming I understood you correctly) and how often you have to update them?
Christian
Hi Christian,
You're assumption is correct.
We are setting Sophos up over 7 business units, all with different management and different systems. For now I still have 3 on-access policies (times 2, because we've got 2 SEC's). In the future it will become more. Updating will become frequent when deploying the software.
I understand it isn't possible yet. Maybe some tooling would help?
Thanks, Ernst
I can offer something up. In SEC 5 (could be as soon as the start of December I've heard) you can export and inport exclusions for on-access to and from a text file.
I wrote a quick VBScript file (attached in the next post) to export exclusions from the database, e.g. SOPHOS4, SOPHOS45, SOPHOS47 and SOPHOS50, to a text file, one per policy if that would be of any use? Just change the two variables at the top to be your [server]\[instancename] and the database name. It will create a text file per policy with exclusions in the same directory as the script.
Regards,
Jak
strServerName = ".\SEC5" '<----Enter DB server name and instance here strDatabaseName = "Sophos50" '<----Enter DB name here (e.g. SOPHOS45, SOPHOS47,...) strConnectionString = "Driver={SQL Server};Server="&strServerName&";Database="&strDatabaseName&";Trusted_Connection=yes;" strSQL = "SELECT p.name, p.policyxml.query('" &_ "declare namespace SAV=""http://www.sophos.com/EE/EESavConfiguration""; " &_ "(/SAV:config/SAV:onAccessScan/SAV:exclusions/SAV:filePathSet/SAV:filePath) " &_ " ') as Exclusion " &_ "FROM policies as p with (nolock) where p.type = 2" wscript.echo strSQL set cn = CreateObject("ADODB.Connection") cn.open strConnectionString Set rs = CreateObject("ADODB.Recordset") rs.Open strSQL, cn ' Write file to disk set fso = CreateObject("Scripting.FileSystemObject") ' Loop for each record Do Until rs.EOF strEx = rs("Exclusion") if strEx <> "" then CreateFile rs("Name"), strEx end if rs.movenext Loop 'cleanup set cn = nothing set rs = nothing set fso = nothing 'Functions------------------------------------------------------------------------------------------- Function CreateFile (strName, strXML) on error resume next set file = fso.OpenTextFile(strName & "-Exclusions.txt", 2, True) arr1 = split (strXML, "<SAV:filePath xmlns:SAV=""http://www.sophos.com/EE/EESavConfiguration"">") for a = 0 to ubound (arr1) if arr1(a) <> "" then file.writeline replace(arr1(a), "</SAV:filePath>", "") end if next file.close set file = nothing End function '-----------------------------------------------------------------------------------------------------