Server: Lockdown
Server Lockdown prevents unauthorized software from running on servers.
To do this, Sophos makes a list of the software already installed, checks it is safe, and allows only that software to run in future.
You lock down a server at its details page.
You can use the Server Lockdown settings in a base policy to change what is allowed without the need to unlock the server. For example, you might want to add and run new software.
Allowed files/folders
This option lets you allow software (such as updaters) to run and modify other applications. It also lets you add new software to a locked-down server without unlocking it.
You can specify files that are allowed, or a folder in which all the files are allowed.
- Click Add allowed file/folder.
- Select the type of item to allow (file or folder).
- Enter the path of the file or folder.You can use the wildcard *.
- Click Save.
Blocked files/folders
This lets you block software that is currently allowed to run.
You can specify files that are blocked, or a folder in which all the files are blocked.
- Click Add blocked file/folder.
- Select the type of item to block (file or folder).
- Enter the path of the file or folder. You can use the wildcard *.
- Click Save.