This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DynamicShellCode - Event Log Service

I am getting hundreds of these error messages. Uninstalling and reinstalling Sophos hasn't helped.

What can I do to either stop these messages or fix the root cause?



This thread was automatically locked due to age.
Parents
  • Thank you for reaching the community forum.

    Can you share with us more details about this detection? Can you check which application triggered this detection and its path on your central dashboard? Based on the event, this detection is Shellcode (DynamicShellcode) Exploit which is being detected by our Dynamic Shell code protection under Intercept X. To further understand what this exploit is and how our feature works, I'll share this Documentation


    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • The Event Log service - as per subject

  • When checking the "Threat Analysis Center" are you able to find any further details recorded surrounding the detection event? 

    The following article goes into further detail regarding what to do when you see a DynamicShellcode detection. You can also find this linked directly from the detection event in Sophos Central. 
    - Sophos Central Admin: Dynamic Shellcode

    You can find resources on many exploit detections in the following blog post. 
    - New Exploit Mitigation Help

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks, but I've already read that link and it does nothing and says nothing, other than how to add an exception if there is an application using memory that regular applications do not. Clearly the Windows Event Viewer is a regular application, so I don't want to add an exception. That's a lazy way out that may be allowing a problem to occur without detection. If it was a useful article with troubleshooting steps to actually fix/resolve the issue, I wouldn't need to post on the forums.

    Threat analysis says nothing either, or again, I wouldn't be here. Says the Windows Event Service has an unknown reputation (I find that very hard to believe). SFC /scannow finds no integrity issues.

Reply
  • Thanks, but I've already read that link and it does nothing and says nothing, other than how to add an exception if there is an application using memory that regular applications do not. Clearly the Windows Event Viewer is a regular application, so I don't want to add an exception. That's a lazy way out that may be allowing a problem to occur without detection. If it was a useful article with troubleshooting steps to actually fix/resolve the issue, I wouldn't need to post on the forums.

    Threat analysis says nothing either, or again, I wouldn't be here. Says the Windows Event Service has an unknown reputation (I find that very hard to believe). SFC /scannow finds no integrity issues.

Children