
WebAdmin bad behavior when configuring Endpoint Protection Antivirus File/Folders Exceptions

Greetings, I'm having problems when trying to configure the UTM Endpoint Protection Antivirus Exceptions to protect an Exchange 2013 server.

Exchange requires a sizable list of exclusions.

When I try to enter the file/folder exceptions, the UTM UI comes back with unexpected results.

Why is it doing this?

This is UTM 9.407-3, with the home license.

Here's a screencap of a newly-entered file/path exclusion:

 

And here's how that exclusion appears after clicking Save. Note the path!

 

And then if I click edit ...



    • Hi,

      I will take a guess that your delimiters are seen as control or similar characters and maybe need to be enclosed in quotes or similar.

      I don't see any way of the UTM configuration identifying your E folder as being part of your Exchange server?

      Please check the UTM knowledgebase for detailed instructions.

      XGS118 - v21.0.1 MR1

      XG115 converted to software licence v21.0.1 MR-1

      If a post solves your question please use the 'Verify Answer' button.

      • Thanks!

        The online documentation says this: File/folders: If selected, you can exclude a file, a folder, or a network drive from antivirus scanning. Enter the file, folder, or network drive in the File/Path field, e.g., C:\Documents\ or \\Server\Users\Documents\CV.doc.  I tried that and ended up with the results shown in the OP.

        There doesn't seem to be anything in the Knowledge Base which covers this situation. I scanned through several dozen articles and read the titles of more than a hundred.

        Going with your suggestion, I took the path of "E:\01a-DB\01a-DB\01a-DB", shortened it to "\01a-DB\01a-DB\01a-DB" and saved the exception. Same results.

        I wonder if anyone from Sophos will join the discussion .... ?

         

        • Hi,

          Normally Sophos staff don't join the discussions; more than likely a more knowledgeable forum member will add their expertise.

          I can't see how the UTM can exclude a drive on a server from anti-virus scanning; the UTM scans the packets as they pass through the UTM, not the destination.

          If you are configuring endpoint management on the UTM that is a different story, but you haven't specified that in your thread description.

          I would recommend you change your thread title so that it reflects the issue and ask for assistance in configuring the end point exclusions for a mail server.

          • Hello TimothyTrace,

            don't think it's the drive letter. Here are strings I'd try (just for narrowing down): E:\0a\1b\2c\3d\4e\5f\6g\7h\8i\9j\ZZ\ and E:\01\0f\0g\01g

            Christian

            • rfcat_vk said:
              If you are configuring endpoint management on the UTM that is a different story, but you haven't specified that in your thread description.

              Thanks. This topic is in the Endpoint Protection forum.

              • Nice. It seems that \0(anything) causes WebAdmin to drop the backslash and the zero.

                Looks like I'll have to change my database paths and filenames to avoid this bug.

                Question: If Sophos employees don't monitor this forum, what's the correct way for me to advise them of this problem? After all, I'm using a complimentary license. I wouldn't blame them for being unresponsive to my concerns.

                If they were listening, I'd feature-request bulk imports of exceptions to handle these types of situations, or good documentation on how to script it through the CLI.

                Thanks to everyone for the help.

                • greets

                  zaphod
                  ___________________________________________

                  Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
                  Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

                  • zaphod said:

                    Thanks. I stuck it out there, however the pessimist in me says they've got fatter fish to fry.

                    • While you are technically correct that you placed it in the correct forum, I found it on the summary page which this new BB now presents to you at first opening the website.

                      So, I was unable to quickly determine what you were referring to other than you were asking for help.

                  • Hello TimothyTrace,

                    I'm not a UTM guy; 'twas just Exclusion ... bugs? which caught my attention.
                    As said, I'm not familiar with the UTM UI (but at least with AV exclusions). Wonder if it's the \0 combination, as the backslash should generally work. So just to test, please try a path with characters other than 0 after the backslash (I know, this is not what you need, but ...). Maybe just the \0 gets eaten, maybe others as well. I'd also check what's in the computer's AV settings - whether it's the slashless path or not.
                    Unlikely, but I've seen similar bugs; it could be that the \0 is misinterpreted when it's read back for display in the GUI but correct in the policy.

                    Christian

                    P.S. and BTW: Even though the KB article says "must", the exclusions are not necessarily necessary (forgive the bad pun). We have, without problems, none of them in place for our Exchange servers.

                    • Hi, can confirm that you don't need exclusions for running Exchange smoothly with UTM endpoint protection.

                      Seems to be a quoting bug... maybe you need to set it in "path" or something like \/ or /\ to get it not interpreted...

                       

                      greets

                      zaphod

                      • zaphod said:
                        Hi, can confirm that you don't need exclusions for running Exchange smoothly with UTM endpoint protection.

                        I've got real-world experience in recovering Exchange databases from damage caused by AV file-system real-time scanners. Not doing *that* again.

                        Anyone who doesn't pay attention to Microsoft's recommendations for AV exclusions with Exchange (linked in the OP) is asking for trouble.

                         

                        zaphod said:
                        Seems to be a quoting bug... maybe you need to set it in "path" or something like \/ or /\ to get it not interpreted...

                        Good idea, thank you.

                        Wrapping it in quotes doesn't help.

                        Tried escaping the backslash ... no luck.

                        • E:\/1a-DB\/1a-DB\/1a-DB brings back E:\/1a-DB\/1a-DB\/1a-DB
                        • E:/\1a-DB/\1a-DB/\1a-DB brings back E:/\1a-DB/\1a-DB/\1a-DB
                        • E:\\1a-DB\\1a-DB\\1a-DB brings back E:\\1a-DB\\1a-DB\\1a-DB

                        Tried e:\01a-db\01a-db\01a-db, and it came back e:1a-db1a-db1a-db.

                        Humorously, c:\temp comes back as .... yup .... c:\temp.

                        What's going on here?
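A small check, added here as an example and not code from the thread or from Sophos, for anyone building an Exchange exclusion list for this UI. Two things matter from a defender's point of view: an exclusion that is silently stored as a different string leaves the database directory scanned after all (the corruption risk described in this thread), and the stored string may match some other path instead. The mangling model below only reproduces what the posts above observed (a backslash followed by a zero loses both characters; other sequences round-tripped unchanged) and is an assumption, not documented UTM behaviour; the sample paths are constructed from the values reported in the thread.

```python
import re

# Constructed sample data (not exported from a UTM): the exclusion paths an
# admin intends to enter, paired with what this thread reports came back after
# Save. Only entries containing "\0" were observed to change.
INTENDED_EXCLUSIONS = [
    r"e:\01a-db\01a-db\01a-db",
    r"E:\\1a-DB\\1a-DB\\1a-DB",
    r"c:\temp",
]
STORED_AS_REPORTED = [
    r"e:1a-db1a-db1a-db",
    r"E:\\1a-DB\\1a-DB\\1a-DB",
    r"c:\temp",
]

# A backslash followed by a path component that starts with "0".
BACKSLASH_ZERO = re.compile(r"\\(0[^\\]*)")


def risky_components(path: str) -> list[str]:
    """Return every path component that begins with '0' directly after a
    backslash, i.e. the '\\0...' sequences the thread found get eaten."""
    return BACKSLASH_ZERO.findall(path)


def model_observed_mangling(path: str) -> str:
    """ASSUMPTION: a model of the behaviour reported in the thread, where each
    '\\0' loses both the backslash and the zero. Inferred from the posted test
    results only; it is not documented UTM behaviour."""
    return path.replace("\\0", "")


def verify_round_trip(intended: list[str], stored: list[str]) -> list[tuple[str, str]]:
    """Compare the exclusion list you meant to enter with what the appliance
    saved. Windows paths are case-insensitive, so compare case-folded."""
    mismatches = []
    for want, got in zip(intended, stored):
        if want.casefold() != got.casefold():
            mismatches.append((want, got))
    return mismatches


def preflight_report(paths: list[str]) -> dict[str, list[str]]:
    """Before anything is typed into WebAdmin, list which entries contain a
    '\\0' component (and so would collapse under the model above)."""
    return {p: risky_components(p) for p in paths if risky_components(p)}


if __name__ == "__main__":
    for path, comps in preflight_report(INTENDED_EXCLUSIONS).items():
        print(f"RISK     {path}: components {comps} -> would store as {model_observed_mangling(path)!r}")
    for want, got in verify_round_trip(INTENDED_EXCLUSIONS, STORED_AS_REPORTED):
        print(f"MISMATCH intended {want!r} but saved {got!r}")
```

Run it with the intended list before entering the exclusions to see which entries will not survive, then paste the saved values back into `STORED_AS_REPORTED` to confirm the appliance actually holds what the Exchange documentation requires.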

                         

                         

                      • QC said:
                        the exclusions are not necessarily necessary.... We have, without problems, none of them in place for our Exchange servers.

                        I'm not as brave as you. Microsoft cares enough to publish *and recently update* a TN article with strong words like "must," and I won't risk my reputation or financial income by ignoring them.

                        Like I said, I've got first-hand experience with Exchange logfile damage from file-system real-time AV. The recovery was painful enough that I won't ever risk it again.