Globale Ausnahme - Datei wird trotzdem gelöscht

Hi Stefan Prokopf

Do you want to make sure that this file should not be scanned in on-access or scheduled?

If that is the scenario, you can mention the file with the full path in the global exclusions which will make sure that this goes unscanned every time.

Ideally, if folder is excluded, their sub-folder should not be scanned but there should be E:\SBH GmbH\ path in the exclusions.

I'd recommend you don't put the whole folder into the exclusions if your intention is to just protect the above-mentioned DLL file.

Hi Jasmin,

I'll translate:

I got this situation:

 - installed Sophos Central Endpoint with Intercept X

 - global exclusion is set for directory "E:\SBH GmbH" - for both realtime and on demand scan

 - there is a subdirectory where a file gets deleted regulary (E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll)

 - this file is used to send emails to their customers

 - after this file was deleted, they copy this DLL from their desktop again back to the path they need - there is no exception for their desktop, file stays at the desktop

 -  there are no entrys at the log of the Sophos Clients or at Central that the file gets deleted

 - i found this entry at windows log

       File "E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll" belongs to virus/spyware 'ML/PE-A'.

       Provider Sophos System Protection

Why gets this file delete by Sophos? Why is there no entry at the logs?

Thanks!

Hi Stefan Prokopf 

Why gets this file delete by Sophos? - We can't surely point any finger exactly but I'd like to know the timestamp of the event in the event logs whether it is nearby the last time it disappeared?

Why is there no entry at the logs? - Well, this should be done if Sophos has removed the file but can't say exactly why it happened without detailed troubleshooting.

Please follow the steps I mentioned in my previous reply and check whether file gets deleted or stays in the path.

Hi Jasmin,

the producer of the software wants this folder complete excluded.

I guess this software is not coded at best practice..

It is a kind of control-software for a workman company.

It would have several alerts for different files and after any update they may change.

There is no local admin onsite - so we have this folder exclusion accepted as a compromis.

Also it slows down significant if the folder gets scanned.

I added both as you recommend additonal:

Lets see if that helps.

But i still dont understand, why the file not gets deleted from the desktop of the user.

Hi Stefan Prokopf 

Thank you for the following steps. I just want to confirm that you have mentioned on-access and scheduled scan for .dll file exclusion.

For deletion of the file, the subfolders and file will be excluded if "\" is mentioned at the last in the exclusion path, else it will go and just exclude the files mentioned under that folder.

Even after this, if the issue reoccurs, I'd suggest you open a case with Sophos and please PM me the case number, so I can keep an eye on the case.

yep - both scans

We tried several testmails from the software and the file stays - thanks for your help to understand the the expresion better

Hi Stefan Prokopf 

Thank you for the confirmation. Please feel free to post your query on the community.

Well, I thought this forum is the community - what else can I do ?

Hi Stefan Prokopf 

Yes, it is a community. I meant if you have any further issues, please feel free to post on the community. :-)