Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclude entries from Inbound allow list from Enhanced Email Malware Scan?

Hey Sophos Team and Sophos Community,

an entry on the Inbound allow list does not exclude the mails sent by our mail server to bypass the Enhanced Malware Scan by Sophos when we have files attached.

Is there a way to exclude entries from inbound allow list from Enhanced Email Malware Scan (ideally without disabling EEMS as a whole for all  regular mails).

This would make my work a lot easier. Otherwise, I will have to bypass Sophos as a whole, which is possible, but requires triple the communication and paperwork.

Looking very much forward to some ideas or insights.

EDIT:

The menu entry "e-mail policy" allows me to edit the Base Policy - Data Loss Prevention. I can add domains there which should exclude the mails from this sender from the scanning process. Unfortunately it doesn't work like I thought.

My mails with attachments still go through Intelix Threat Analysis, and it deletes them. How do I create rules or policies or exceptions for that? I know I can disable that as a whole, but that is not my goal. I want certain mail servers to basically have a get out of jail free card.



Added tags
[edited by: Raphael Alganes at 2:39 AM (GMT -7) on 7 Jun 2023]