
Microsoft Office applications started being blocked on macOS machines

From today, macOS users started claiming Microsoft Office applications were blocked by Sophos EP.

As far as I know, according to this notice (Notification of Application Control application updates Planned for the 28th November 2023 - Application Control - Sophos Labs - Sophos Community), the Office applications are out of scope of being added to the control list.

And on Sophos Central, I can't find these applications on the application control list or in the blocked events log.

Is anyone experiencing the same issue?



  • Hi James,

    I've kicked off updates in Sophos, restarted my Mac, but am still getting bombarded with notifications.

    In console, the check for New Applications is still on (and I didn't turn it off during this issue), and there are no new entries for Auto Update to turn off.

    So, not sure if anyone else is experiencing a stop in alerts, but I'm not.

  • Hello Jon,

    Can you please check /Library/Caches/com.sophos.sau/CID/Sophos Installer Components/av-data/ for the file loade-bl.ide. That is the update file. If it is present, it should prevent this from occurring.

    If it is present but the detection is still occurring, please open a support case with us (or if you have one already, PM the number to me).

    Thanks.

  • Thanks for this specific information. The file is not yet present, so I will keep monitoring.

  • Well, I got the update file, and the warnings have stopped. I was also able to run the Updater and all is well there.

    However, now trying to launch OneNote is presenting this. Word, Excel, Outlook, Teams, and PowerPoint are all working without being blocked.

  • One of two things may be happening. 

    1. The previously blocked items are remaining cached on the device. A reboot will clear this up. 
    2. The policy on the device may need to update. You can find out if a recent policy refresh has occurred by checking the "Endpoint Self Help Tool" either from the Windows Start menu, or from the "About" section in the Sophos Endpoint UI. Try checking the "Policy" tab to verify the timestamp next to "Sophos Core Customer" has been updated.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh

    1. The previously blocked items aren't being blocked, it's a new block. Auto Updater now works, OneNote is now blocked and it was not previously.

    2. Looks like the most recent update was 1:42 CST yesterday when the fix was rolling out, which explains why now OneNote is broken when it wasn't previously.

  • My apologies. I misunderstood your issue. So our team can better track the impact this is having across our customer base, I'd suggest opening a support case. I'd be happy to do this for you as well, please send me a private message.  

    Kushal Lakhan
    Team Lead, Global Community Support