Our software is being flagged by SOPHOS for malicious behaviour; the reason is APC violation. What is the application doing that could cause APC violation? A quick search on Google yields no result for what Application Procedural Call is.
Hi There Meng Zhu,
You may refer to this KBA for a brief explanation as to why you are getting this alert: https://support.sophos.com/support/s/article/KB-000039243?language=en_US. In addition, this KB explains how to report a false positive on your application if you are sure that this is a legitimate one.
Hi,
Here are the brief details: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/tasks/AdvancedExploitMitigation.html
So, what is an Application Procedure Call and why do we care?
They are generally used to pass data between programs. Sometimes this is malicious data. So, our product monitors the calls and if they meet certain suspicious/malicious patterns - then they get stopped.
So the question is, what APCs is your product doing, and are they compliant with all the industry standards?
If you have more questions, feel free to pose them here and I can answer them as best I can. I will not, however, be able to review your code.
Sincerely,
RichardP
Snr. New Product Introduction Engineer | CISSP | Sophos Technical Support