Endpoint Protection not applying global exclusions

Evening,

I recently came across an issue I can't figure out how to resolve.

We have an add-in for Excel that causes Sophos Endpoint to kill the program with a "StackExec" (MemProt) exploit prevented in Excel. Up until now we've just added the detection ID to the list of exclusions and it's worked fine. Within 2-3 minutes the clients stop reacting.

This evening I was told by staff the StackExec exploit is back, so I added another detection ID exclusion, but this time my endpoint clients didn't pick up the exclusion. I did some testing, tried forcing the endpoint client to redownload policy per a KB from the self help tool. Didn't work.

The only way I could get the exploit prevention to not detect Excel as malicious was to temporarily turn off tamper protection and then disable exploit prevention. Obviously not a solution by any means, and we can't disable exploit prevention across the entire company just to satisfy the accounting team, so I need a fix as the add-in for Excel ties into our accounting database and they need the tool to run reports.

As to when this started, we just noticed today after I went to add the exclusion.

Any help or insight is really welcome on this issue as I don't need my boss (IT Director) and the entire accounting team breathing down my neck wanting answers. And yes, we are waiting for the add-in dev to fix the thing but there's no ETA of when that will happen.



  • Thank you for reaching out to the Community Forum.

    There’s a high chance that this detection's thumbprint keeps changing. That's why you keep getting this detection. 
    Can you try installing the hotfix on one problematic device and tell us the outcome? 

    You can refer to this article for the steps on how to install the hotfix 


    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
