Sophos Anti-Virus for Windows 2000+: how to centrally exclude sites from being scanned by Sophos web content scanning

Issue
This article describes how to centrally exclude sites from being scanned by Sophos web content scanning.
Sophos web content scanning is enabled by default in Sophos Anti-Virus 7.6.

Sophos product and version number
Sophos Anti-Virus for Windows 2000+, version 7.6

What to do

To exclude a site from being scanned by the Sophos web content scanner choose one of the following procedures:

• Use Windows Group Policy to add the site to the local Intranet zone (Sophos web content scanner does not scan this zone by default)
• Use savconf.xml to whitelist the site (you should only use this procedure if you use Enterprise Console to manage client computers).

1. Use Windows Group Policy to add the site to the local Intranet zone

1. From Windows Control Panel, go to Administrative Tools, and open the Group Policy Management Console.
   Select the required policy and click 'Edit'. The Group Policy Editor window opens.
2. Under Local Computer Policy, select:
   Computer Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page.
3. Open Site to Zone Assignment List and double-click Add-on List.
4. Click 'Enabled'. Under ‘Enter the zone assignments here’, click Show.
5. Click 'Add...'. In the Add Item dialog box, you are prompted for information:
   Enter the name of the item to be added, e.g. http://www.domain.com
   Enter the value of the item to be added: 1
6. Click OK | OK | Apply
7. The end points will have the site added to the local Intranet Zone when the group policy refreshes.
8. To force this on a test client use this command:
   gpupdate /force

2. Use savconf.xml to white list the site
This procedure is only designed to be used if you use Enterprise Console to manage client computers.

1. In Notepad or a similar text editor, open a new file and paste in the following text:

   <?xml version="1.0" encoding="utf-8" ?>
   <config xmlns="http://www.sophos.com/EE/EESavConfiguration">

    <!-- Custom install configuration for SAV2K/XP/2003 -->
    <inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
     <webScanning>
      <webScanningOperations>
       <urlWhiteList>
        <item>http://www.domain.com</item>
       </urlWhiteList>
      </webScanningOperations>
     </webScanning>
    </inst:install>

   </config>

   • NOTE: 
     The URL needs to be an exact match.
     Multiple entries can be specified using the syntax as follows:
     <urlWhiteList>
          <item>http://www.domain.com</item>
          <item>http://www.domain2.com</item>
        </urlWhiteList>
     
2. Save the file as savconf.xml into the savxp directory of the CID.  This will usually be one of the following:
   
   
   • For Windows 2000/XP/2003/Vista computers
     \\SERVER\InterChk\ESXP\savxp
     
   • If you are using Sophos Client Firewall:
     \\SERVER\InterChk\SAVSCFXP\savxp 
     
     
3. Use ConfigCID.exe to implement the changes you have made:
   
   See Enterprise Console: using ConfigCID to implement XML configuration file changes for more guidance.
   
   Once the changes have been applied, any network computers updated or protected from the central installation will exclude the added sites from Sophos web content scanning.