sophos hitman pro alert und borland delphi debugging extrem lamngsam

Hi mwe_tt, 

Thanks for reaching out to the Sophos Community Forum.

May I ask what kind of exclusions you've created in the policy?

To prevent HitrmanPro from scanning apps on the device, you will need an exclusion of the type "Ransomware Protection". It's possible to create both process and folder exclusions. This type of exclusion can only be added from the Global Exclusions page. 

A mini-filter driver is loaded into running processes, allowing HMPA to perform scanning. By adding this type of exclusion, this mini-filter is not longer loaded into the specified process. Specifying folder will prevent file and folder operations from being scanned. For developer apps, adding exclusions for the folders where necessary files reside should also help. 

Hi mwe_tt, 

Thanks for reaching out to the Sophos Community Forum.

May I ask what kind of exclusions you've created in the policy?

To prevent HitrmanPro from scanning apps on the device, you will need an exclusion of the type "Ransomware Protection". It's possible to create both process and folder exclusions. This type of exclusion can only be added from the Global Exclusions page. 

A mini-filter driver is loaded into running processes, allowing HMPA to perform scanning. By adding this type of exclusion, this mini-filter is not longer loaded into the specified process. Specifying folder will prevent file and folder operations from being scanned. For developer apps, adding exclusions for the folders where necessary files reside should also help. 

Hi Kushal,

i will try in englisch.

many thanks for your quick reply.

i only made exceptions for files and folder windows.

Now i testet with

• Ransomeware: Full Path of the file.
• Ransomeware: Full Path only 
• Ransomeware: exe of the Delphi IDE
• all together

but with no luck.

in the logfile sophoshmpaservice.log is no more entry of the file, but the prozess monitor shows that hmpalert.exe scan the file anyway.

The funny thing is that he really only scans this one file and C:\Windows\System32\svchost.exe

I allready try to except C:\Windows\System32\svchost.exe but with no luck. this file cannot be exclude i think

Scanning the file svchost.exe  takes milliseconds, but the executable that needs to be debugged takes a long time and is scanned more often.

maybe you have an idea

br

michael

Hi mwe_tt ,

Can you please try to install the 'hotfix' on one of the affected devices and see if there's any developments?

Kindly refer to the following article for the steps and for more information about the software package:

Sophos Central Intercept X Maintenance Release

Let us know how it goes.

hi Gladys 

yes. this solved my problem.

thank you very much.

br

michael

Hello,

we are having the same problem, but we can't find the 'hotfix' in the available Software Packages on our Sophos Console. 

Do you know why?

Hi andrea

you have to

Adding the Maintenance Release to the list of available software packages 

1. Logon to Sophos Central and go to 'Global Setting' > 'Administration' > 'Software Packages'
2. Select the 'Windows computer' or 'Windows Server' tab and click 'Add software'
3. Enter the platform software token to add the Maintenance Release (MR) package to the list of available releases
4. Platform Software Token: 3bbd3f02-3059-5c24-8fc9-1ec502028d04

Deploying the software package using an Update Management policy

1. Go to 'Endpoint Protection' or 'Server Protection'
2. Select Policies
3. Select the 'Update Management' policy that applies to the devices you want to protect with the package. Click the policy to edit it.
4. Go to the Settings tab.
5. In 'Scheduled Updates', select the Maintenance Release (MR) package in the Windows drop-down menu.
6. Click 'Save'

That worked, thank you so much!