Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 2027 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ransomware protection blocks our application

Johan Johansson

I am software supplier having some issues with Intercept X.

Basically this is the setup:

Windows Server 2016, IIS, Asp.Net web application, .Net based background Service

The web app communicates with the background service by saving xml "job" files in a c:\Programdata folder. The background service picks up the file, puts a read lock on the file, renames it and then executes the job.

My issue: If the ransomware protection is active, the system call to rename the file blocks forever.

This is only a problem on server based Windows. On WIndows 10 PC it works perfectly fine with the same ransomware protection active.

It should be noted that there are no errors, logs, alerts or anything coming from Sophos. The only way we figured this out was to disable one module at a time until it started working again.

I have attached a list of versions installed both on the server and on the old pc (where it works).

Any idea please?

Fullscreen sophosver.txt Download 
New-Server 	Core Agent 	2.18.2 	
New-Server 	Sophos Intercept X 	2.0.20 	Intercept X Advanced for Server with XDR 
New-Server 	Server Protection 	10.8.10.3 	
New-Server 	Sophos AMSI Protection for Windows (64-bit) 	1.6.50.0 	
New-Server 	Sophos Anti-Virus 	10.8.10.810 	
New-Server 	Sophos Clean 	3.9.4.1 	
New-Server 	Sophos Endpoint Defense 	2.2.6.735 	
New-Server 	Sophos Endpoint Firewall 	1.2.0.17 	
New-Server 	Sophos Endpoint UI 	2.2.6.0 	
New-Server 	Sophos File Integrity Monitoring 	1.0.1.11 	
New-Server 	Sophos File Scanner 	1.7.952.0 	
New-Server 	Sophos Health 	2.6.2.0 	
New-Server 	Sophos Live Query (64-bit) 	3.2.1.206 	
New-Server 	Sophos Live Terminal (64-bit) 	1.2.131.0 	
New-Server 	Sophos Machine Learning Engine 	1.7.0.19 	
New-Server 	Sophos Management Communications System 	4.13.16.0 	
New-Server 	Sophos Network Threat Protection 	1.11.194.0 	
New-Server 	Sophos Self Help Tool 	3.0.236.0.2 	
New-Server 	Sophos Standalone Engine 	1.6.56 	
New-Server 	Sophos Threat Detection Engine 	3.80.1.0 	
New-Server 	Sophos Uninstaller 	1.10.54.54 	
New-Server 	Sophos-HitmanPro-Alarm 	3.8.1.504 	
New-Server 	Sophos AutoUpdate 	6.7.352.352 	
Old-PC 	Core Agent 	2.19.6 	
Old-PC 	Sophos Intercept X 	2.0.22 	Intercept X Advanced with XDR 
Old-PC 	Endpoint Protection 	10.8.11.1 	
Old-PC 	Sophos Anti-Virus 	10.8.11.22 	
Old-PC 	Sophos Clean 	3.9.8.10 	
Old-PC 	Sophos Endpoint Defense 	3.0.0.1639 	
Old-PC 	Sophos Endpoint Firewall 	1.2.0.17 	
Old-PC 	Sophos Endpoint UI 	2.3.150.0 	
Old-PC 	Sophos File Scanner 	1.8.24.0 	
Old-PC 	Sophos Health 	2.7.28.0 	
Old-PC 	Sophos Live Query (64-bit) 	3.3.0.267 	
Old-PC 	Sophos Live Terminal (64-bit) 	1.3.23.0 	
Old-PC 	Sophos Machine Learning Engine 	1.7.4.0 	
Old-PC 	Sophos Management Communications System 	4.14.203.0 	
Old-PC 	Sophos Network Threat Protection 	1.11.194.0 	
Old-PC 	Sophos Self Help Tool 	3.1.9.0 	
Old-PC 	Sophos Standalone Engine 	1.6.56 	
Old-PC 	Sophos Threat Detection Engine 	3.80.1.0 	
Old-PC 	Sophos Uninstaller 	1.11.71.71 	
Old-PC 	Sophos-HitmanPro-Alarm 	3.8.1.504 	
Old-PC 	Sophos AutoUpdate 	6.9.360



This thread was automatically locked due to age.
Parents Reply Children
Unfiltered HTML