This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebAdmin bad behavoir when configuring Endpoint Protection Antivirus File/Folders Exceptions

Greetings, I'm having problems when trying to configure the UTM Endpoint Protection Antivirus Exceptions to protect an Exchange 2013 server.

Exchange requires a sizable list of exclusions.

When I try to enter the file/folder exceptions, the UTM UI comes back with unexpected results.

Why is it doing this?

This is UTM 9.407-3, with the home license.

Here's a screencap of a newly-entered file/path exclusion:

 

And here's how that exclusion appears after clicking Save. Note the path!

 

And then if I click edit ...



This thread was automatically locked due to age.
Parents
  • Hi,

    I will take a guess that your delimiters are seen as control or similar characters and maybe need to be enclosed in quotes or similar.

    I don't see any way of the UTM configuration identifying your E folder as being part of your exchange server?

    Please check the UTM knowledgebase for detailed instructions.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks!

    The online documentation says this: File/folders: If selected, you can exclude a file, a folder, or a network drive from antivirus scanning. Enter the file, folder, or network drive in the File/Path field, e.g., C:\Documents\ or \\Server\Users\Documents\CV.doc.  I tried that and ended up with the results shown in the OP.

    There doesn't seem to be anything in the Knowledge Base which covers this situation. I scanned through several dozen articles and read the titles of more than a hundred.

    Going with your suggestion, I took the path of "E:\01a-DB\01a-DB\01a-DB", shortened it to "\01a-DB\01a-DB\01a-DB" and saved the exception. Same results.

    I wonder if anyone from Sophos will join the discussion .... ?

     

  • Hi,

    Normally Sophos staff don't join the discussions, more than likely a more knowledgeable forum member will add their expertise.

    I can't see how the UTM can exclude a drive on a server from anti-virus scanning, the UTM scans the packets as they pass through the UTM not the destination.

    If you are configuring endpoint management on the UTM that is a different story, but you haven't specified that in your thread description.

    I would recommend you change you thread title so the it reflects the issue and ask for assistance in configuring the end point exclusions for a mail server.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello TimothyTrace,

    don't think it's the drive letter. Here are strings I'd try (just for narrowing down): E:\0a\1b\2c\3d\4e\5f\6g\7h\8i\9j\ZZ\ and E:\01\0f\0g\01g

    Christian

  • rfcat_vk said:
    If you are configuring endpoint management on the UTM that is a different story, but you haven't specified that in your thread description.

    Thanks. This topic is in the Endpoint Protection forum.

  • Nice. It seems that \0(anything) causes WebAdmin to drop the backslash and the zero.

    Looks like I'll have to change my database paths and filenames to avoid this bug.

    Question: If Sophos employees don't monitor this forum, what's the correct way for me to advise them of this problem? After all, I'm using a complimentary license. I wouldn't blame them for being unresponsive to my concerns.

    If they were listening, I'd feature-request bulk imports of exceptions to handle these types of situations, or good documentation on how to script it through the CLI.

    Thanks to everyone for the help.

Reply
  • Nice. It seems that \0(anything) causes WebAdmin to drop the backslash and the zero.

    Looks like I'll have to change my database paths and filenames to avoid this bug.

    Question: If Sophos employees don't monitor this forum, what's the correct way for me to advise them of this problem? After all, I'm using a complimentary license. I wouldn't blame them for being unresponsive to my concerns.

    If they were listening, I'd feature-request bulk imports of exceptions to handle these types of situations, or good documentation on how to script it through the CLI.

    Thanks to everyone for the help.

Children