This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Realtime protection seems to cause Outlook crash

Tobias Haupt over 1 year ago

Hello,

after updating the Sophos Central Enpoint Agent and rebooting the client, Outlook is crashing right after startup.

This problem occurred on several clients.

After a while of testing, I found out that the real-time protection is causing the issue.

When the service is disabled, Outlook works fine.

Also, I just disabled the Remote Files option in the central policy, applied it and Outlook functions as normal with real-time protection turned on.

OS: Windows 10 Pro (Build 19044.1645)

Endpoint Agent Version:

Core Agent: 2.20.13 (2.20.11 as well)

Endpoint Advanced: 10.8.11.4

Sophos Intercept X: 2.0.24

License: Intercept X Advanced with XDR

Installed Office 64-Bit: Microsoft 365 Apps for Enterprise (Version 2203 Build 16.0.15028.20228)

Is someone having the same issue?

Kind regards

Tobias

This thread was automatically locked due to age.

Top Replies

TomHilton over 1 year ago +3

This wiped out all of our estate, there is an issue with DLP turn this setting off on the endpoints or via the policy and it will start working again.

0 TomHilton over 1 year ago

This wiped out all of our estate, there is an issue with DLP turn this setting off on the endpoints or via the policy and it will start working again.
Cancel
Vote Up +3 Vote Down

Cancel
0 Tobias Haupt over 1 year ago in reply to TomHilton

Thank you @TomHilton. This Workaround did the trick. Though I hope this will get fixed soon.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User930 over 1 year ago in reply to Tobias Haupt

I believe this is fixed in the next release.

Other than either turning off DLP or excluding remote files, you can exclude just

\\server\\PIPE\srvsvc

This would be better than all remote files. Where server is the name of the file server I assume the users documents are on?
Cancel
Vote Up +1 Vote Down

Cancel
0 Dirk B over 1 year ago in reply to TomHilton

Hi can anyone explain how to disable DLP?

I cannot find any switch for this.

Or is DLP only active if I configured it?
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophos User930 over 1 year ago in reply to Dirk B

In the list of policy types there is one for Data control. You can disable it there. You could make the exclusion also as a workaround until it’s fixed in the next release.
Cancel
Vote Up 0 Vote Down

Cancel
0 Adam Currey over 1 year ago in reply to Sophos User930

It's a base policy, so can't be disabled. Any solution? This is causing a lot of grief here.
Cancel
Vote Up 0 Vote Down

Cancel
+1 Sophos User930 over 1 year ago in reply to Adam Currey

Can you not make an exclusion for

\\servername\\PIPE\srvsvc

how many file servers would Outlook access typically?
Cancel
Vote Up +1 Vote Down

Cancel
0 Administrator User654 over 1 year ago in reply to TomHilton

Same Problem here. Workaround fixed this issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 Dirk B over 1 year ago in reply to Sophos User930

We have the problems on terminal servers of one customer and I excluded remote files from scanning, exclude a specific path shouldn't help now anyway, or should it?

We still have problems, I asking myself in the moment, which modules I can disable, to reduce intercept X to a absolut basis protection.
I am afraid, that this whole problem with this customer has sth. to do with realy big user profiles and big mail boxes.

Any idea here?
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon C over 1 year ago

Same problem here too. We had a custom DLP policy, we removed all users from it so they went back to the default/baseline DLP policy (that wasn't configured) and that seems to have resolved our issue for now. We logged with Sophos who asked us to run a diagnostics tool on one of our machines but the workaround was already in place at this point and it wasn't impacting everyone for some reason - I couldn't replicate it on my own machine/profile. People who had issues opening Outlook also had issues downloading files via Chrome/IE.

I've asked support if it's a known issue and if a fix is on the way but not heard back, also pointed them in the direction of this thread showing others having the same issue.
Cancel
Vote Up 0 Vote Down

Cancel