

Endpoint Protection not applying global exclusions


I recently came across an issue I can't figure out how to resolve.

We have an add-in for Excel that causes Sophos Endpoint to kill the program with a "StackExec" (MemProt) exploit prevented in Excel. Up until now we've just added the detection ID to the list of exclusions and it's worked fine. Within 2-3 minutes the clients stop reacting.

This evening I was told by staff the StackExec exploit is back, so I added another detection ID exclusion, but this time my endpoint clients didn't pick up the exclusion. I did some testing, tried forcing the endpoint client to redownload policy per a KB from the self help tool. Didn't work.

The only way I could get the exploit prevention to not detect Excel as malicious was to temporarily turn off tamper protection and then disable exploit prevention. Obviously not a solution by any means, and we can't disable exploit prevention across the entire company just to satisfy the accounting team, so I need a fix, as the add-in for Excel ties into our accounting database and they need the tool to run reports.

As to when this started, we just noticed today after I went to add the exclusion.

Any help or insight is really welcome on this issue as I don't need my boss (IT Director) and the entire accounting team breathing down my neck wanting answers. And yes, we are waiting for the add-in dev to fix the thing, but there's no ETA of when that will happen.
