This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebAdmin bad behavoir when configuring Endpoint Protection Antivirus File/Folders Exceptions

Greetings, I'm having problems when trying to configure the UTM Endpoint Protection Antivirus Exceptions to protect an Exchange 2013 server.

Exchange requires a sizable list of exclusions.

When I try to enter the file/folder exceptions, the UTM UI comes back with unexpected results.

Why is it doing this?

This is UTM 9.407-3, with the home license.

Here's a screencap of a newly-entered file/path exclusion:

 

And here's how that exclusion appears after clicking Save. Note the path!

 

And then if I click edit ...



This thread was automatically locked due to age.
Parents
  • Hello TimothyTrace,

    I'm not a UTM guy 'twas just Exclusion ...bugs? which caught my attention.
    As said I'm not familiar with the UTM UI (but at least with AV exclusions). Wonder if it's the \0 combination as the backslash should generally work. So just to test please try a path with characters other than 0 after the backslash (I know, this is not what you need but ...). Maybe just the \0 gets eaten, maybe others as well. I'd also check what's in the computer's AV settings - whether it's the slashless path or not.
    Unlikely but I've seen similar bugs it could be that the \0 is misinterpreted when it's read back for display in the GUI but correct in the policy.   

    Christian

    P.S. and BTW: Even as the KB article says must the exclusions are not necessarily necessary (forgive the bad pun). We have without problems none of them in place for our Exchange servers.

  • Hi can confirm that you dont need exclusions for running exchange smoothly with utm endpoint protection..

    seems to be a quoting bug... maybe need to set it in "path" or something like \/ or /\ to get it not interpreted...

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

Reply
  • Hi can confirm that you dont need exclusions for running exchange smoothly with utm endpoint protection..

    seems to be a quoting bug... maybe need to set it in "path" or something like \/ or /\ to get it not interpreted...

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

Children
  • zaphod said:
    Hi can confirm that you dont need exclusions for running exchange smoothly with utm endpoint protection..

    I've got real-world experience in recovering Exchange databases from damage caused by AV file-system real-time scanners. Not doing *that* again.

    Anyone who doesn't pay attention to Microsoft's recommendations for AV exclusions with Exchange (linked in the OP) is asking for trouble.

     

    zaphod said:
    seems to be a quoting bug... maybe need to set it in "path" or something like \/ or /\ to get it not interpreted...

    Good idea, thank you.

    Wrapping it in quotes doesn't help.

    Tried escaping the backslash ... no luck.

    • E:\/1a-DB\/1a-DB\/1a-DB brings back E:\/1a-DB\/1a-DB\/1a-DB
    • E:/\1a-DB/\1a-DB/\1a-DB brings back E:/\1a-DB/\1a-DB/\1a-DB
    • E:\\1a-DB\\1a-DB\\1a-DB brings back E:\\1a-DB\\1a-DB\\1a-DB

    Tried e:\01a-db\01a-db\01a-db, and it came back e:1a-db1a-db1a-db .

    Humorously, c:\temp comes back as .... yup .... c:\temp .

    What's going on here?