Instructions for using a Sophos Endpoint exclusion to allow a removal script to run

1 Overview

Sophos Endpoint blocks malicious software and dangerous scripts from running on the system. However, scripts that we create for our own purposes can also be blocked by Endpoint when we launch them.

In this article, thegioifirewall shows how to use an exclusion policy to allow these scripts to run.

2 Situation

In this article, Endpoint blocks a script that automatically removes software from the computer. The script is the one from the article on how to uninstall Endpoint using a GPO that launches a script.

When we launch the uninstall script, Endpoint shows a message, classifies the script as a member of the Security Software Removal Tool group, and blocks it from running.

Open the log to see the details of the blocked script, including its path and the file’s hash.

3 Configuration

To configure the exclusion for the script above, perform the following steps:

Create an Endpoint policy. Select Threat protection as the policy type. Select the devices you want to add to the policy.

Then switch to Settings and scroll down to the bottom.

In the Exclusion section, select Add Exclusion.

Select File or Folder as the Exclusion Type. In the Value section, enter the path of the script file that removes Endpoint, then select Add.

Save the policy you just created. We can now run the script from the article above to remove Endpoint.
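A File or Folder exclusion trusts whatever file sits at the excluded path, so it is worth checking the script before saving the policy. The following PowerShell is an added example, not part of the original article or of Sophos tooling: it compares the file on disk with the hash from the Endpoint log and lists broad groups that can modify the script or its folder. The path and hash are placeholders, `Test-ExclusionCandidate` is a hypothetical helper name, and SHA-256 is an assumption about the hash type shown in the log.

```powershell
# Added example. Placeholders: use the path and hash from your own Endpoint log entry.
$ScriptPath   = 'C:\PLACEHOLDER\removal-script.bat'
$ExpectedHash = 'PLACEHOLDER_HASH_FROM_ENDPOINT_LOG'

function Test-ExclusionCandidate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash,
        [string] $Algorithm = 'SHA256'   # assumption: the log shows a SHA-256 value
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

    # 1. The file on disk must be the file the log entry describes.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash

    # 2. A File or Folder exclusion applies to whatever sits at that path, so list
    #    Allow ACEs that let broad groups replace the file or write to its folder.
    #    (ACEs expressed as generic rights are not decoded here.)
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, BUILTIN\Users
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    $risky = foreach ($target in @($Path, (Split-Path -Path $Path -Parent))) {
        foreach ($ace in (Get-Acl -LiteralPath $target).GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids -contains $ace.IdentityReference.Value -and
                (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
                [pscustomobject]@{
                    Target = $target
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }

    [pscustomobject]@{
        Path        = $Path
        ActualHash  = $actual
        HashMatches = ($actual -ieq $ExpectedHash.Trim())
        RiskyAces   = @($risky)
    }
}

$result = Test-ExclusionCandidate -Path $ScriptPath -ExpectedHash $ExpectedHash
$result | Format-List Path, ActualHash, HashMatches
$result.RiskyAces | Format-Table -AutoSize
```

If `HashMatches` is false or `RiskyAces` is not empty, move the script to a folder that only administrators can write to and exclude that path instead.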
