Enterprise Console: how to exclude items from scanning on your Windows 2000/XP/2003 computers

You can use Enterprise Console to exclude certain files or folders from scanning on your Windows 2000/XP/2003 computers. It allows you to use wildcards to specify the types of file and folder that you want to exclude from scanning (exclusions).

Computers running Windows 95/98/Me or Windows NT cannot have exclusions set up centrally by Enterprise Console; they must be configured locally and individually. See the Sophos Anti-Virus for Windows 2000+ user manual.

You can also exclude items from scanning on Windows 2000/XP/2003 computers locally.

What to do

1. Selecting computers for exclusions
   Open the Enterprise Console. In the tree view, click on the group that contains the computers that you want to apply exclusions to. Click 'SAV Policy' on the Enterprise Console toolbar. If it is greyed out, ensure you have clicked on the group itself and not on a computer in the group.
2. Choosing the type of scan for exclusions
   'Anti-virus policy for computers in group...' is displayed. You must now choose to exclude items either from on-access scanning or from scheduled scanning:
   • To exclude items from on-access scanning
     1. In the Configure Sophos Anti-Virus panel, click 'On-access...' to display the 'On-access scan settings' window.
     2. Select the Exclusions tab and click 'Add'.
     3. In the Exclude item dialog box, in the 'Item:' field, type one or more of the exclusions listed in the section 'Selecting items for exclusion', below.
   • To exclude items from scheduled scans
     Open the 'Scheduled scanning' panel at the bottom of the window, click 'Extensions and Exclusions' to open the 'Scheduled scan extensions and exclusions' window. Select one or more of the exclusions listed in the section 'Selecting items for exclusion', below.
3. Selecting items for exclusion
   You can select one or more of the following items for exclusion:
   • C: - excludes the whole of the local C drive
   • M: - excludes the whole of the M drive
   • *.exe - excludes all files with an EXE extension
   • \\server\share\ - excludes all files in the share \\server\share\ and its subfolders
   • C:\My Documents\ - excludes all files in C:\My Documents and all subfolders of My Documents
   • sage.dta - excludes all files called sage.dta in all folders
   In the following items, compare the use of the final backslash (\) in identifying whether it is a file or a folder that is excluded:
   • C:\Book\Chapter\ excludes the folder 'Chapter', all the files in it, and its subfolders (but not C:\Book)
   • C:\Book\Chapter\Part_1 only excludes the file 'Part_1'.
4. Excluding folders with long names
   To exclude a folder with a long name (i.e. that does not conform to the 8.3 format), you have to exclude all possible variants of the name. For example, to exclude C:\program files\sophos, you must also enter C:\progra~1\sophos in the exclusions list.
   
5. Applying exclusions
   When you have specified the exclusions you want to apply, highlight all computers in the group and right-click them.
   Click Comply With|Group anti-virus policy. The computers will then be updated with the exclusions you have applied.