
Core Agent 2.8.6 / Endpoint Advanced 10.8.8.1 - blocking an app allowed, but only on this computer

Hi,

We have a control app policy which allows the '3CX Phone'. When the user logs on to another computer (also W7 Pro) it works fine; the issue is not related to 'user<>policy'.

 

>>> How to troubleshoot this?

Even after removing the user from that policy, so that he receives the 'base app policy', which does not block, the user cannot open the app on that computer.

 

*** IMPROVEMENT for Sophos Team = When Sophos Endpoint generates that entry, it should also include the name of the policy which caused that block.

 

---

Event Viewer entry:

##############

Nome do Log: Application
Fonte: Sophos Anti-Virus
Data: 03/09/2020 16:53:18
Identificação do Evento:52
Categoria da Tarefa:(13)
Nível: Informações
Palavras-chave:Clássico
Usuário: SERVIÇO LOCAL
Computador: PC-VENDAS16.COMPANY.LOCAL
Descrição:
File "C:\Program Files (x86)\3CXPhone\3CXPhone.exe" of controlled application '3CXPhone' (of type Voice over IP) has been detected.

XML de Evento:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">52</EventID>
<Level>4</Level>
<Task>13</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-09-03T19:53:18.000000000Z" />
<EventRecordID>140655</EventRecordID>
<Channel>Application</Channel>
<Computer>PC-VENDAS16.COMPANY.LOCAL</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>File</Data>
<Data>C:\Program Files (x86)\3CXPhone\3CXPhone.exe</Data>
<Data>3CXPhone</Data>
<Data>Voice over IP</Data>
</EventData>
</Event>
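
An added example, not part of the original post and not Sophos code: to check whether these detections really occur on only one computer, this Python parses exported Application-log XML and pulls out the "Sophos Anti-Virus" event ID 52 entries. The `<Events>` wrapper, the second sample event and the field order (path, application, type, as in the event above) are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: the event from the post (trimmed) plus an unrelated,
# made-up event, wrapped in an <Events> root as an exported log would be.
SAMPLE = r"""<Events>
<Event xmlns="schemas.microsoft.com/.../event"><System>
<Provider Name="Sophos Anti-Virus" /><EventID Qualifiers="8229">52</EventID>
<TimeCreated SystemTime="2020-09-03T19:53:18.000000000Z" />
<Computer>PC-VENDAS16.COMPANY.LOCAL</Computer></System>
<EventData><Data>File</Data>
<Data>C:\Program Files (x86)\3CXPhone\3CXPhone.exe</Data>
<Data>3CXPhone</Data><Data>Voice over IP</Data></EventData></Event>
<Event xmlns="schemas.microsoft.com/.../event"><System>
<Provider Name="ExampleProvider" /><EventID>52</EventID>
<Computer>PC-EXAMPLE.COMPANY.LOCAL</Computer></System>
<EventData><Data>unrelated</Data></EventData></Event>
</Events>"""

def local(tag):
    """Drop the namespace prefix so any xmlns value is accepted."""
    return tag.rsplit("}", 1)[-1]

def controlled_app_detections(xml_text):
    """Return one dict per 'Sophos Anti-Virus' event ID 52 in the export."""
    hits = []
    for event in ET.fromstring(xml_text):
        meta, data = {}, []
        for node in event.iter():
            name = local(node.tag)
            if name == "Provider":
                meta["provider"] = node.get("Name")
            elif name == "TimeCreated":
                meta["time"] = node.get("SystemTime")
            elif name in ("EventID", "Computer"):
                meta[name] = (node.text or "").strip()
            elif name == "Data":
                data.append(node.text or "")
        if (meta.get("provider"), meta.get("EventID")) != ("Sophos Anti-Virus", "52"):
            continue
        if len(data) < 4:  # unexpected layout: skip instead of mislabelling
            continue
        hits.append({"computer": meta.get("Computer"), "time": meta.get("time"),
                     "path": data[1], "app": data[2], "category": data[3]})
    return hits

def count_by_computer(hits):
    """Count detections per (computer, application) pair."""
    return Counter((h["computer"], h["app"]) for h in hits)
```

Running `count_by_computer` over exports from several endpoints shows at a glance which machines still report the application as controlled.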



  • Hi  

    Can you please confirm if this endpoint has received the updated policy from Sophos Central? 

    1. Open Sophos Endpoint > Click on "About" > Click on "Open Endpoint Self Help Tool"

    2. Go to Management communication and see if the machine is communicating regularly. 

     

    Do you have multiple Application Control policies in your Central account?