Sophos Anti-Virus for Windows 2000+: how to centrally exclude Internet Explorer Security Zones from being scanned by Sophos web content scanning

Issue
This article describes how to centrally exclude Internet Explorer security zones from being scanned by Sophos web content scanning. Sophos web content scanning is enabled by default in Sophos Anti-Virus 7.6 and above.

Sophos product and version
Sophos Anti-Virus for Windows 2000+, version 7.6 and above

What to do

If you would like to exclude an Internet Explorer security zone from being scanned by the Sophos web content scanner on computers that are managed from Enterprise Console, update savconf.xml to specify all the zones that you want to exclude from scanning. The local host and intranet zone are excluded by default, however they must be specified in savconf.xml as zone configuration will be overwritten by the configuration specified in savconf.xml and not including them in savconf.xml will result in those two zones being scanned by Sophos web scanning.

1. In Notepad or a similar text editor, create a new savconf.xml file and paste in the following xml code:
   
   Note: in the code below, the security zones are defined as follows:
   0 = the local host
   1 = the local intranet zone
   2 = the trusted zone
   3 = the Internet zone
   
   For example in the following savconfig, the trusted zone will be added to the list of zones that are not scanned by Sophos web scanning. You can add or delete zones from this xml code as required.
   

   
<?xml version="1.0" encoding="utf-8" ?>
<config xmlns="http://www.sophos.com/EE/EESavConfiguration">
<!-- Custom install configuration for SAV2K/XP/2003 -->
<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
<webScanning>
<webScanningOperations>
<zones>
<item>0</item> <!-- local machine -->
<item>1</item> <!-- intranet -->
<item>2</item> <!-- trusted zone -->
</zones>
</webScanningOperations>
</webScanning>
</inst:install>
</config>

As a consequence of the above to restore the default behavior after adding or removing zones from the exclusions a savconf file has to be created that specifies the default zones (0 and 1) as follows:

<?xml version="1.0" encoding="utf-8" ?>
<config xmlns="http://www.sophos.com/EE/EESavConfiguration">
<!-- Custom install configuration for SAV2K/XP/2003 -->
<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration">
<webScanning>
<webScanningOperations>
<zones>
<item>0</item> <!-- local machine -->
<item>1</item> <!-- intranet -->
</zones>
</webScanningOperations>
</webScanning>
</inst:install>
</config>


2. Save the file as savconf.xml into the savxp directory of the CID. On Windows 2000+ computers the location may vary according to which version of Enterprise console you are running:
   Enterprise console version 3:
   • if you do not use Sophos Client Firewall, this will usually be \\SERVER\InterChk\ESXP\savxp
     OR
   • if you are using Sophos Client Firewall, this will usually be \\SERVER\InterChk\SAVSCFXP\savxp
     
     Enterprise console version 4:
   • if you do not use Sophos Client Firewall, this will usually be \\SERVER\InterChk\SophosUpdate\CIDs\Snnn\ESXP\savxp; (where Snnn is the relevant folder on your system, where n represents a digit).
     OR
   • if you are using Sophos Client Firewall, this will usually be \\SERVER\InterChk\SophosUpdate\CIDs\Snnn\SAVSCFXP\savxp (where Snnn is the relevant folder on your system, where n represents a digit).
     

3. Use ConfigCID.exe to implement the changes you have made. See Enterprise Console: using ConfigCID to implement XML configuration file changes for more guidance.
   Once the changes have been applied, any network computers updated or protected from the central installation will exclude the added sites from Sophos web content scanning.