
Global exclusion - file is deleted anyway

Hello everyone,

I have the following situation:

 - Sophos Central Endpoint with Intercept X is installed

 - Global exclusion for the directory "E:\SBH GmbH" - for both real-time and scheduled scans

 - In a subdirectory of it, a file regularly disappears (E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll)

 - This file is used by a program to send emails to customers

 - When this file has disappeared, the customer takes the file from his desktop (no exclusions are configured for that location) and copies it back to the required path

 - There are no entries in the Sophos clients or in the Central administration showing that this file is being deleted

 - I found an entry in the Windows event log:

       File "E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll" belongs to virus/spyware 'ML/PE-A'.

       Provider Sophos System Protection

 

Can anyone tell me how I can prevent the file from being deleted?

Thanks for your help.

Stefan



This thread was automatically locked due to age.
  • Hi

    Do you want to make sure that this file is not scanned in on-access or scheduled scans?

    If that is the scenario, you can mention the file with the full path in the global exclusions which will make sure that this goes unscanned every time.

    Ideally, if a folder is excluded, its sub-folders should not be scanned, but there should be the E:\SBH GmbH\ path in the exclusions.

    I'd recommend you don't put the whole folder into the exclusions if your intention is to just protect the above-mentioned DLL file.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hi Jasmin,

    I'll translate:

    I got this situation:

     

     - installed Sophos Central Endpoint with Intercept X

     - global exclusion is set for directory "E:\SBH GmbH" - for both realtime and on demand scan

     - there is a subdirectory where a file gets deleted regularly (E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll)

     - this file is used to send emails to their customers

     - after this file was deleted, they copy this DLL from their desktop again back to the path they need - there is no exception for their desktop, file stays at the desktop

     - there are no entries in the log of the Sophos clients or in Central that the file gets deleted

     - I found this entry in the Windows log

           File "E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll" belongs to virus/spyware 'ML/PE-A'.

           Provider Sophos System Protection

     

    Why does this file get deleted by Sophos? Why is there no entry in the logs?

     

    Thanks!

  • Hi  

    Why does this file get deleted by Sophos? - We can't point a finger with certainty, but I'd like to know the timestamp of the event in the event logs and whether it is near the last time the file disappeared.

    Why is there no entry in the logs? - Well, there should be one if Sophos has removed the file, but I can't say exactly why it happened without detailed troubleshooting.

    Please follow the steps I mentioned in my previous reply and check whether the file gets deleted or stays in the path.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

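
The timestamp comparison asked for in the reply above, as an added example that is not part of the original thread and not Sophos tooling. The DLL path and the provider name are the ones quoted from the event log entry in the thread; `$MissingNoticedAt` and `$LookbackHours` are assumed inputs you supply.

```powershell
# Added example, not from the thread's participants.
# Path and provider name are quoted from the event log entry in the thread.
# $MissingNoticedAt and $LookbackHours are assumptions you supply yourself.
param(
    [datetime]$MissingNoticedAt = (Get-Date),   # when the DLL was found missing
    [int]$LookbackHours = 24,
    [string]$Path = 'E:\SBH GmbH\factu32v6\DLL\SBH_MailExec.dll',
    [string]$Provider = 'Sophos System Protection'
)

$filter = @{
    ProviderName = $Provider
    StartTime    = $MissingNoticedAt.AddHours(-$LookbackHours)
    EndTime      = $MissingNoticedAt
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Message -and
        $_.Message.IndexOf($Path, [StringComparison]::OrdinalIgnoreCase) -ge 0
    } |
    Sort-Object TimeCreated)

if ($hits.Count -eq 0) {
    Write-Output "No '$Provider' events naming $Path in the last $LookbackHours h."
} else {
    # Show how long before the file was noticed missing each detection fired.
    $hits | Select-Object TimeCreated, Id, LogName,
        @{ n = 'MinutesBeforeNoticed'
           e = { [math]::Round(($MissingNoticedAt - $_.TimeCreated).TotalMinutes) } },
        Message | Format-List
}

# CreationTime of the current copy shows when the DLL was last copied back,
# so the previous disappearance happened before that time.
if (Test-Path -LiteralPath $Path) {
    Get-Item -LiteralPath $Path |
        Select-Object FullName, CreationTime, LastWriteTime | Format-List
} else {
    Write-Output "$Path is currently missing."
}
```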