Sophos Central Client - Extensions List

I have been installing Sophos Endpoint Security and Control for years and noted that the listing of "Vulnerable and Executable" file types (Extensions) was visible in the client when you have local admin rights. This file extension list was contained in the config.xml of the client and was useful in suggesting exclusions that are needed, i.e. no need to exclude .log, .mdb, .ldf etc.

 

I can't see a similar listing in the Sophos Cloud Endpoint. Would it be worth detailing how the scanning process has changed from On-Prem to Central?



  • Hello StephenHiggins,

    as you're familiar with the on-premise SESC (and I'm not familiar with Central): AFAIK SAV proper and the scanning engine isn't really different in Central. I'm not aware that this list is in some config, at least the ones in %ProgramData% don't refer to default extensions (don't have a Windows machine at hand right now). The GUI provides a list with the On-Demand Extensions and Exclusions and sav32cli.exe also spits out this information if you ask nicely.
    Not sure if there's a config.xml (even in SESC) that contains this information but sav32cli.exe -vv -? should tell.

    Christian

  • You mention that the GUI provides a list with the On-Demand Extensions and Exclusions - where is that? Also, running SAV32CLI on a machine, even with the -help option, closes as soon as the sav32cli has run. Do you know a way of keeping the information on the screen? "|more" is not working, nor is "-page".

    Stephen Higgins

    w: www.sjh-consulting.co.uk

    f: www.facebook.com/sjhconsultinguk

    t: 07740195926

    e: stephen@sjh-consulting.co.uk

    m: 22 Hamble Drive, Abingdon, Oxfordshire, OX14 3TE.

     

  • Hello StephenHiggins,

    the GUI
    in Central is likely different from the one for SESC. In SESC it's Configure → Anti-Virus → On-Demand extensions and exclusions.

    sav32cli.exe's manifest requests highestAvailable as execution level, thus when you run it from a non-elevated cmd window you get the UAC prompt and a new window opens (and closes after sav32cli completes). If you run it from an administrative prompt no new window is created. Use sav32cli.exe -vv|more, the extensions are shown after the list of IDEs.

    Christian

  • Thanks for the SAV32CLI information, Christian.

     

    With SESC the extensions could be seen on the endpoint in c:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml, but this has changed in Sophos Central and the list is not there. My worry is that the extensions list on a client (not a server) would include files that normally would not be scanned with SESC.

    Stephen Higgins


  • Hello Stephen,

    extension list in machine.xml
    might have been there once, or perhaps only those added/excluded with the policy, isn't there. And BTW, SESC's GUI lists the extensions also for Configure → On-access-scanning → tab Extensions (dunno why I have overlooked it as it's so obvious).

    my worry
    do you have any particular extensions in mind, what harm would be done anyway?
    There's no reason that the scanner should behave differently.

    Christian