Exclude files / folders from Ransomware detection
When some programs running on workstations genuinely encrypt files on a file server (as Lacerte tax program does), CryptoGuard catches the activity as a ransomware attack.
Currently there is no mechanism to exclude files or folders from Ransomware scanning, so it is impossible to have CryptoGuard enabled on those servers.
While workstations are also running CryptoGuard and could catch ransomware at that level, having the server unprotected is not really a solution as other workstations with no Sophos installed could potentially encrypt server files.
Excluding specific folders and letting CryptoGuard continue to protect the server for all other folders would be a more secure solution.
Christian Nancy
shared this idea
Sophos can exclude processes but are very careful about which ones, that is, they need to be high reputation. Excluding files/folders is clearly not a good option as any process could read/write to/from them unchecked.
