How can we exclude an application for a particular machine? Is it possible?

I want to exclude a particular "Remote management tool" for one particular machine. Is it possible to achieve the same? I mean, I am not sure whether we can do this for a single machine and allow it on the rest.

  • Hi Abhijeet,

    To create an application exclusion for one machine, you would need to create a new Application Control policy to allow this application. In Sophos Enterprise Console you can right-click the existing Application Control policy, duplicate it and make the required change for the machine. Once we have this policy we must create a new group to nest this one machine and we can apply this policy to that group. You can right-click a group and select Create Group to create this. To move the computer to this group, simply drag and drop it into the group. To apply the new Application Control policy to this group you can drag and drop the policy to the group as well.

  • In reply to SJaramillo:

    Thanks for the reply.


    I tried but was unable to move the client to the new group; it says "computer is a part of synchronized group and cannot be moved".

    I believe a new OU in AD needs to be created with the same Sophos group name, and then it's possible? Or can we do that in the console directly?



  • In reply to Abhijeet Nawale:

    Hello Abhijeet,

    If the endpoint is indeed in a synchronized group you'd have to create an appropriate OU in AD. AD Sync mirrors the container (OU) structure as a group tree and moves the computers to the relevant groups.


  • In reply to QC:

    Hello Christian,


    Thanks for the reply.


    That's what I thought too, cool.