Is it possible to import exclusions into a policy? Now it's a big typing and copy-paste session to update several policies with new exclusions when necessary.
Thanks, Ernst
Hello Ernst,
I assume you are talking about On-Access scanning exclusions. Save for database hacking, there isn't. As exclusions should be used with consideration and generally avoided, an update should seldom be necessary. Furthermore, having a number of AV policies with different sets of exclusions would be a pain to maintain anyway. May I ask why you need them (assuming I understood you correctly) and how often you have to update them?
Christian
Hi Christian,
Your assumption is correct.
We are setting Sophos up over 7 business units, all with different management and different systems. For now I still have 3 on-access policies (times 2, because we've got 2 SECs). In the future it will become more. Updating will become frequent when deploying the software.
I understand it isn't possible yet. Maybe some tooling would help?
Thanks, Ernst
I can offer something up. In SEC 5 (could be as soon as the start of December, I've heard) you can export and import exclusions for on-access to and from a text file.
I wrote a quick VBScript file (attached in the next post) to export exclusions from the database, e.g. SOPHOS4, SOPHOS45, SOPHOS47 and SOPHOS50, to a text file, one per policy if that would be of any use? Just change the two variables at the top to be your [server]\[instancename] and the database name. It will create a text file per policy with exclusions in the same directory as the script.
Regards,
Jak
' Export the on-access scanning exclusions of every policy to "<policy name>-Exclusions.txt"
strServerName = ".\SEC5" '<----Enter DB server name and instance here
strDatabaseName = "Sophos50" '<----Enter DB name here (e.g. SOPHOS45, SOPHOS47,...)
strConnectionString = "Driver={SQL Server};Server=" & strServerName & ";Database=" & strDatabaseName & ";Trusted_Connection=yes;"

' The XQuery returns the filePath elements of each policy's on-access exclusion list
strSQL = "SELECT p.name, p.policyxml.query('" & _
    "declare namespace SAV=""http://www.sophos.com/EE/EESavConfiguration""; " & _
    "(/SAV:config/SAV:onAccessScan/SAV:exclusions/SAV:filePathSet/SAV:filePath) " & _
    " ') as Exclusion " & _
    "FROM policies as p with (nolock) where p.type = 2"
WScript.Echo strSQL

' Read-only query against the database using the logged-on Windows account
Set cn = CreateObject("ADODB.Connection")
cn.Open strConnectionString
Set rs = CreateObject("ADODB.Recordset")
rs.Open strSQL, cn

' Shared by CreateFile to write the files to disk
Set fso = CreateObject("Scripting.FileSystemObject")

' Loop for each record (one record per policy)
Do Until rs.EOF
    strEx = rs("Exclusion")
    If strEx <> "" Then
        CreateFile rs("Name"), strEx
    End If
    rs.MoveNext
Loop

'cleanup
rs.Close
cn.Close
Set rs = Nothing
Set cn = Nothing
Set fso = Nothing

'Functions-------------------------------------------------------------------------------------------
Function CreateFile(strName, strXML)
    ' Errors are ignored: a policy whose name is not a valid file name is skipped silently
    On Error Resume Next
    ' 2 = ForWriting, True = create the file if it does not exist
    Set file = fso.OpenTextFile(strName & "-Exclusions.txt", 2, True)
    ' Split on the opening tag, then strip the closing tag, leaving one path per line
    arr1 = Split(strXML, "<SAV:filePath xmlns:SAV=""http://www.sophos.com/EE/EESavConfiguration"">")
    For a = 0 To UBound(arr1)
        If arr1(a) <> "" Then
            file.WriteLine Replace(arr1(a), "</SAV:filePath>", "")
        End If
    Next
    file.Close
    Set file = Nothing
End Function
'-----------------------------------------------------------------------------------------------------
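An added example, not part of the thread or of Jak's script: a Python sketch that reads the policy XML with an XML parser, so entities such as `&amp;` are decoded (the string split above leaves them as-is), and reports which exclusions are missing from which policies. The namespace and element path come from the query above; the policy names, paths and sample documents are constructed, and the root element is assumed to be `SAV:config` as the XPath implies.

```python
import xml.etree.ElementTree as ET

# Namespace and element path taken from the XPath in the script above.
NS = {"SAV": "http://www.sophos.com/EE/EESavConfiguration"}
XPATH = "SAV:onAccessScan/SAV:exclusions/SAV:filePathSet/SAV:filePath"


def exclusions_from_policy_xml(policy_xml):
    """Return the set of on-access exclusion paths in one policy document."""
    root = ET.fromstring(policy_xml)  # assumed root element: SAV:config
    return {el.text.strip() for el in root.findall(XPATH, NS)
            if el.text and el.text.strip()}


def drift_report(policies):
    """Map each exclusion that is not in every policy to the policies lacking it."""
    parsed = {name: exclusions_from_policy_xml(doc) for name, doc in policies.items()}
    everything = set().union(*parsed.values()) if parsed else set()
    report = {}
    for path in sorted(everything):
        missing = sorted(name for name, paths in parsed.items() if path not in paths)
        if missing:
            report[path] = missing
    return report


def sample_policy(*paths):
    # Constructed document; only the elements named in the XPath are modelled.
    items = "".join(f"<SAV:filePath>{p}</SAV:filePath>" for p in paths)
    return (f'<SAV:config xmlns:SAV="{NS["SAV"]}"><SAV:onAccessScan><SAV:exclusions>'
            f"<SAV:filePathSet>{items}</SAV:filePathSet>"
            "</SAV:exclusions></SAV:onAccessScan></SAV:config>")


SAMPLE = {  # constructed policy names and exclusion paths
    "BU1 on-access": sample_policy(r"D:\SQLData\db.mdf", r"C:\R&amp;D\cache.tmp"),
    "BU2 on-access": sample_policy(r"D:\SQLData\db.mdf"),
    "BU3 on-access": sample_policy(),
}

if __name__ == "__main__":
    for path, missing in drift_report(SAMPLE).items():
        print(f"{path}: not in {', '.join(missing)}")
```
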