Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 14 subscribers
  • Views 16568 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ROP exploit prevented

fnanfne

Hi 

I have the same issue as the users in this thread.

https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft

Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking them, we've been using this application for years now and the flag is a false positive for sure.

All the links provided for a workaround in the above URL is null and void.

I have added FOUR exclusions to Sophos Central now, but this is still being blocked.

Please help.

Thanks
Steven



This thread was automatically locked due to age.
  • 0

    This might get better answers in the Intercept X Discussion.

    Are you sure the blocking is occurring in Intercept X and not at the Firewall? I've spent a long time trying to figure some issues out thinking it was the Firewall and it was Intercept X, and I imagine the opposite can happen too. Just checking.

  • 0

    Will move to Intercept X Discussion for visibility

    Karlos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • 0

    Hi fnanfne,

    Thanks for reaching out to the Sophos Community Forum.

    If you see unexpected detections come up on a device, I suggest trying to install the Intercept X Hotfix Package

    If this also does not work, you may want to try using steps under "Stop checking for a specific exploit on an application". If you can look into the Windows Event Viewer to share the output from "Event ID 911" this will also provide more context on why the detection is being generated. The same information can also be found by clicking the "Details" button on the detection event from Sophos Central.

    Sometimes this can be due to add-ons or 3'd party applications that interact with your Office apps.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Hi all thanks for the replies.

    We don't use Sophos Firewall Wayne, so it can't be that.

    It appears to have been some replication/delay issue. I touched base with the affected users the following day, and they said they are now able to open the application previously blocked by Sophos.

    This delay is somewhat annoying as I did get the user to update the Sophos agent on their laptop quite a few times, and got them to reboot their machine as well. I also tried to update directly from Sophos Central but all of this was to no avail.

    Thanks again for the input.

Unfiltered HTML
Help Us Improve The Community
Unfiltered HTML