Hello,
after updating the Sophos Central Enpoint Agent and rebooting the client, Outlook is crashing right after startup.
This problem occurred on several clients.
After a while of testing, I found out that the real-time protection is causing the issue.
When the service is disabled, Outlook works fine.
Also, I just disabled the Remote Files option in the central policy, applied it and Outlook functions as normal with real-time protection turned on.
OS: Windows 10 Pro (Build 19044.1645)
Endpoint Agent Version:
Core Agent: 2.20.13 (2.20.11 as well)
Endpoint Advanced: 10.8.11.4
Sophos Intercept X: 2.0.24
License: Intercept X Advanced with XDR
Installed Office 64-Bit: Microsoft 365 Apps for Enterprise (Version 2203 Build 16.0.15028.20228)
Is someone having the same issue?
Kind regards
Tobias
This wiped out all of our estate, there is an issue with DLP turn this setting off on the endpoints or via the policy and it will start working again.
Thank you @TomHilton. This Workaround did the trick. Though I hope this will get fixed soon.
I believe this is fixed in the next release.
Other than either turning off DLP or excluding remote files, you can exclude just
\\server\\PIPE\srvsvc
This would be better than all remote files. Where server is the name of the file server I assume the users documents are on?
Hi can anyone explain how to disable DLP?
I cannot find any switch for this.
Or is DLP only active if I configured it?
In the list of policy types there is one for Data control. You can disable it there. You could make the exclusion also as a workaround until it’s fixed in the next release.
It's a base policy, so can't be disabled. Any solution? This is causing a lot of grief here.
Can you not make an exclusion for
\\servername\\PIPE\srvsvc
how many file servers would Outlook access typically?
Same Problem here. Workaround fixed this issue.
We have the problems on terminal servers of one customer and I excluded remote files from scanning, exclude a specific path shouldn't help now anyway, or should it?
We still have problems, I asking myself in the moment, which modules I can disable, to reduce intercept X to a absolut basis protection.I am afraid, that this whole problem with this customer has sth. to do with realy big user profiles and big mail boxes.
Any idea here?
Same problem here too. We had a custom DLP policy, we removed all users from it so they went back to the default/baseline DLP policy (that wasn't configured) and that seems to have resolved our issue for now. We logged with Sophos who asked us to run a diagnostics tool on one of our machines but the workaround was already in place at this point and it wasn't impacting everyone for some reason - I couldn't replicate it on my own machine/profile. People who had issues opening Outlook also had issues downloading files via Chrome/IE.
I've asked support if it's a known issue and if a fix is on the way but not heard back, also pointed them in the direction of this thread showing others having the same issue.