Global Exclusions listed in SNTPService.log and Policy.xml
When troubleshooting one of our endpoints I checked SNTPService.log and found out that all global exclusions configured in Sophos Central appear in this log file.
C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\sntpservice.log
In addition to the log file, these exclusions are also listed in the following config XML file:
C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\policy.xml
To read these log and config files, no admin permissions are needed!
So, if a client gets compromised, an attacker just has to check these files to find out which locations on the file system are not monitored by endpoint security and might therefore shelter, e.g., malware without triggering the endpoint security.
For us administrators it is not necessary to see the exact information about the exclusion paths on an endpoint.
We would highly appreciate it if this sensitive information gets removed from the log and config files.
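A defender-side audit of the concern raised above, added here as an example and not part of the original post or of any Sophos tooling. It reads the DACL of the two files named in the post and reports whether broad principals (the list of "any local user" identities is an assumption, and the names are the English well-known names) hold read access, and it also probes whether the account running the script can actually open each file. Run it as a standard, non-elevated user to reproduce the observation; run it again after a vendor fix or an ACL change to confirm the files are no longer world-readable.

```powershell
# Added example (not from the original post): audit read access on the two
# Sophos Network Threat Protection files the post names.
# Paths are exactly those quoted in the post.
$paths = @(
    'C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\sntpservice.log',
    'C:\ProgramData\Sophos\Sophos Network Threat Protection\Config\policy.xml'
)

# Assumption: these identities mean "any local user". Adjust on localized
# Windows builds, where the well-known names are translated.
$broadPrincipals = @(
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

function Test-CurrentUserCanRead {
    # Live probe: try to open the file for reading as the current account.
    param([string]$Path)
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        $fs.Dispose()
        return $true
    } catch {
        return $false
    }
}

function Test-BroadReadAccess {
    # Static check: list Allow ACEs that grant ReadData to a broad principal.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path               = $Path
            Exists             = $false
            BroadReadACEs      = @()
            CurrentUserCanRead = $false
        }
    }
    $acl  = Get-Acl -LiteralPath $Path
    $read = [System.Security.AccessControl.FileSystemRights]::ReadData
    $hits = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ($broadPrincipals -contains $ace.IdentityReference.Value) -and
            (($ace.FileSystemRights -band $read) -ne 0)) {
            # Report the principal, the rights, and whether the ACE is inherited
            # (inherited ACEs point at the parent directory's DACL as the cause).
            '{0} [{1}] inherited={2}' -f $ace.IdentityReference.Value,
                                         $ace.FileSystemRights,
                                         $ace.IsInherited
        }
    }
    [pscustomobject]@{
        Path               = $Path
        Exists             = $true
        BroadReadACEs      = @($hits)
        CurrentUserCanRead = Test-CurrentUserCanRead -Path $Path
    }
}

foreach ($p in $paths) {
    Test-BroadReadAccess -Path $p | Format-List
}
```

A non-empty BroadReadACEs list together with CurrentUserCanRead = True from a non-admin session confirms the finding in the post; the inherited flag tells you whether the exposure comes from the file's own ACL or from the ProgramData parent folders, which is the distinction that matters if you decide to tighten the DACL locally while waiting for a vendor change.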