This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Different Options for Exclusions

From SEC for policies there is two very different options for excluding file types under On-access scan settings.

What is the difference between the two and which one is best to use.

Extensions tab - Exclude button

Windows Exclusions - Add button

 

Also does anyone know why there is two options as it doesn't make any sense.



This thread was automatically locked due to age.
  • I guess it's probably a bit of legacy as both aren't available in the Central managed client which is newer.

    I would always use the Windows Exclusions option to exclude files or folders.  In SAV These exclusions take place in the driver that filters the file system.  If you exclude a file by it's extension, then I'm guessing the file has to be opened and the file type determined so the service has to get involved.  As a result the Windows Exclusions would be the best for performance.

    Regards
    Jak

  • Why sohpos has two was to excluded?  Who knows but like jak points out windows gives better performance. But here is a few other differences.

    We use on-site SEC (Sophos Enterprise Console).

    This is all under "On-access scan settings"

    The Extensions tab doesn't allow for importing or exporting so you have to manually update.

    From the desktop client if you open "On-access scan setting" the function is very difference and doesn't match what the SEC does. This is probably due to poor communication within the sophos teams.

    But if you want to hide what extensions you are excluding then use the SEC extension tab.

    The SEC Windows Exclusion tab is the best way to go as it keeps all your exclusions in one place.

    You can export the list.  Modify it then re-import.

    The nice thing about the import function is it merges with the current list.  This comes in really handy when you have many policies that need the same file type or extension added.

     

     

  • Hello Navar Holmes,

    first of all, there shouldn't be much need for exclusions, really.

    you have to manually update [Extensions]
    how often do you need to update Extensions? You're talking about adding exclusions, the set is finite. And IMO typing three characters is less work than selecting a file from the filelist interface.   

    doesn't match what the SEC does
    additions and exclusions to Extensions are processed by the engine (service or daemon). The default list of extensions considered is OS-specific, SEC has no knowledge of the engine's settings.

    The OS-specific Exclusions are processed by the interceptor, the engine is not involved. it merges [...] This comes in really handy The feature has been added for this purpose - but not for [adding] the same file type or extension but rather very specific patterns and paths where repeated typing or copy/paste of several items would be tedious.

    Christian