On the Endpoint Protection > Antivirus > Exceptions tab you can define computer group-specific exceptions from the antivirus settings of endpoint protection. An exception serves to exclude items from scanning which would be scanned due to an antivirus policy setting.
To add an exception, proceed as follows:
On the Exceptions tab, click Add Exception.
The Add Exception dialog box opens.
Make the following settings:
Type: Select the type of items you want to skip from on-access and on-demand scanning.
- Adware and PUA: If selected, you can exclude a specific adware or PUA (Potentially Unwanted Applications) from scanning and blocking. Adware displays advertising (for example, pop-up messages) that may affect user productivity and system efficiency. PUAs are not malicious, but are generally considered unsuitable for business networks. Add the name of the adware or PUA in the Filename field, e.g., example.stuff.
- File/folders: If selected, you can exclude a file, a folder, or a network drive from antivirus scanning. Enter the file, folder, or network drive in the File/Path field, e.g., C:\Documents\ or \\Server\Users\Documents\CV.doc.
- File extensions: If selected, you can add files with a specific extension so that they will be scanned by antivirus scanning. Enter the extension in the Extension field, e.g., html.
- Buffer overflow: If selected, you can prevent an application using buffer overflow techniques from being blocked through behavior monitoring. Optionally enter the name of the application file in the Filename field and upload the file via the Upload field.
- Suspicious files: If selected, you can prevent a suspicious file from being blocked through antivirus scanning. Upload the file via the Upload field. Sophos UTM generates the checksum of the file. The name of the uploaded file will automatically be used for the Filename field. Optionally modify the filename. If a file having the defined filename and the stored MD5 sum is found on the client, it will not be blocked through antivirus scanning.
- Suspicious behaviors: If selected, you can prevent a file from being blocked through suspicious behavior detection. Optionally enter the name of the file in the Filename field and upload the file via the Upload field.
Websites: If selected, websites matching the properties specified in the Web format field will not be scanned through antivirus protection.
Web format: Specify the server(s) with the websites you want to allow to visit.
- Domain name: Enter the name of the domain to be allowed into the Website field.
- IP address with subnet mask: Enter the IPv4 address and netmask of the computers to be allowed.
- IP address: Enter the IPv4 address of the computer to be allowed.
Upload (only with types Buffer overflow, Suspicious files, and Suspicious behaviors): Upload the file that should be skipped from antivirus scanning.
Computers Groups: Select the computer groups for which this exception is valid.
Comment (optional): Add a description or other information.
The new exception appears on the Exceptions list.
To either edit or delete an exception, click the corresponding buttons.