Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 5193 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Home Premium won't allow exception on iCloud applications

Stefan B

I have Home Premium and during all scans, it claims that iCloudPhotos and iCloudDrive are malicious (flagged as 'Trojan').

The issue is that I have both of these listed as exclusions under the web portal

Not sure how to have these two applications whitelisted or removed from being False Positively flagged

The applications are both signed by Apple and are the 'real' versions.

I am running the following versions:
SophosHomeClean v3.7.21.4
Windows v10.0.0.16299.X64/8

From the log files,

   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
      Size . . . . . . . : 110,392 bytes
      Age  . . . . . . . : 62.0 days (2018-01-10 11:04:04)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : EB7505F019B8A60DD30E16C8F6C4F054A1C16F8C9DA34ED46593F42A4AE88238
      Product  . . . . . : iCloud for Windows
      Publisher  . . . . : Apple Inc.
      Description  . . . : iCloud Drive
      Version  . . . . . : 1.7.20.44
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\WINDOWS\explorer.exe
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes  : 11900
    > HitmanPro  . . . . : Win32/Backdoor.Behavior
      Fuzzy  . . . . . . : 109.0
      Startup
         HKU\S-1-5-21-2561482681-2319803087-951285490-1103\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCloudDrive
      Network Ports
         172.16.16.22:49864    96.6.189.235:443

   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
      Size . . . . . . . : 356,664 bytes
      Age  . . . . . . . : 62.0 days (2018-01-10 11:04:52)
      Entropy  . . . . . : 4.9
      SHA-256  . . . . . : 5568569541D144993663940F4E08978981A0DF1A75E57631CBA2AE8E98428186
      Product  . . . . . : iCloud for Windows
      Publisher  . . . . : Apple Inc.
      Description  . . . : iCloud Photo Library
      Version  . . . . . : 145.0.0.42
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\WINDOWS\explorer.exe
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes  : 9416
    > HitmanPro  . . . . : Win32/Backdoor.Behavior
      Fuzzy  . . . . . . : 109.0
      Startup
         HKU\S-1-5-21-2561482681-2319803087-951285490-1103\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCloudPhotos
      Network Ports
         172.16.16.22:49873    96.6.189.235:443

 



This thread was automatically locked due to age.
Unfiltered HTML