This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

blizzard game clash

I wonder if anyone can help me, I am a user of Sophos Intercept X Essentials Endpoint.

As of the middle of February there was an automatic update to one of my products: Core Agent / Sophos Intercept X / Device Encryption which meant that I could no longer access various battlenet games on my computer (world or warcraft and heroes of the storm)

 

I contacted my IT support who manage the Sophos products on my computer as I had found others with a similar issue online, and sent the following email to them:

 

 

''I am having some issues with a personal program clashing with the latest update of the Sophos software from the middle of Feb. Apparently, the issue has been reported to Sophos and they have released a revised software update, versions:

|Sophos Intercept X| |FTS 2023.2.1.16-MR1|

|Device Encryption| |FTS 2023.2.1.6-MR1|

 

I’m currently running

|Sophos Intercept X| |FTS 2023.2.1.16|

|Device Encryption| |FTS 2023.2.1.6|

 

I’m currently running the standard released versions of these patches. would you be able to update my PC (not laptop) to the above MR1maintenance release versions, or alternatively are you able to grant me admin rights to the Sophos app so that I can add in exceptions?

 

https://support.sophos.com/support/s/article/KB-000038477?language=en_US Sophos advise the below steps are apparently how to add the software package(FTS).

Go to Sophos Central → Global Settings → Software package → Click (Add Software) → Copy the Software token from the shared article (1db71707-9ceb-5a43-833f-2599a9133c76) . → Click Save. Go to Sophos Central → Server/ Endpoint Protection → Policies → Add Policies( Update Management) → Settings → Windows (Add latest software package) Details of Packages.

 

 

Thanks in advance''

 

I was told by the IT support that they had contacted sophos support but unfortunately the Intercept X Essentials package is not able to install maintenance packages.

 

They subsequently added application exceptions for both of the games but this has not worked in allowing me to access the programs.

 

 

Do you 1) know when there will be a further update to whichever of the following products (Core Agent / Sophos Intercept X / Device Encryption) that would be causing the restriction to the games

or 2) do you know if there is a way for either the maintenance package to be installed, or if there is another way to add the exception for the games?

 

 

Thank you in advance



This thread was automatically locked due to age.
Parents
  • Hi David,

    Thanks for reaching out to the Sophos Community Forum. 

    When testing this, I confirmed that the hotfix package will prevent the false positive detections from being generated. Regarding the ability to apply hotfix packages, it would be best for us to connect with a member of your IT team to review the settings available in Sophos Central. 

    Can you provide the support case number related to your team's inquiry on your behalf? 

    Currently, it appears the next release of Sophos Endpoint that will include this fix is scheduled to be completed in late April. These dates are subject to change. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi David,

    Thanks for reaching out to the Sophos Community Forum. 

    When testing this, I confirmed that the hotfix package will prevent the false positive detections from being generated. Regarding the ability to apply hotfix packages, it would be best for us to connect with a member of your IT team to review the settings available in Sophos Central. 

    Can you provide the support case number related to your team's inquiry on your behalf? 

    Currently, it appears the next release of Sophos Endpoint that will include this fix is scheduled to be completed in late April. These dates are subject to change. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
  • Hi Qoosh,

    thank you so much for your response, it's really good to know that the issue is on your agenda. i am eagerly awaiting the next release of Sophos Endpoint for the fix. do you have any update as to when this is likely to hit the live program at all?

    many thanks

  • Hi David, 

    While inquiring internally, it was mentioned that a device running Intercept X Essentials should be part of the "Recommended" release group. Additional information on what component versions you can expect to see is documented on the following page: 
    - Sophos Release Notes: Intercept X

    May I ask what version your device is reporting back now? My test device running the Recommended release did not run into any issues. 

    If your device continues to report an "FTS" version, I'd suggest enabling Remote Assistance from Sophos Central so I can inquire internally regarding your Sophos Central account. 

    I will follow up with you via PM to inquire further.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi ,

    can you please let me know when the anticipated release that was delayed from April is planned to go live on intercept x Essentials? im still getting regular ''HollowProcess' malicious behavior prevented ...' whenever i try to load up any game, causing it to instantly clash and its getting really tiresome now.

    any updates at all?

  • they have stopped replying to me in private messages as well. After suggesting it would be fixed in April i have heard nothing since.

    it's really frustrating as this is effecting thousands of viewers, hence the 8000 plus views to this topic, and the thousands more posts on the blizzard forum post, and a lot of people are patiently waiting for a fix.

    Any update Sophos?!?!?!

  • Hi David1122,

    Apologies I was not able to get back to you sooner. When testing the latest releases of Sophos Endpoint, it appears this issue has re-emerged. 

    Could you and/or ANeusta open a support case related to this issue? Please provide the support case number so I may add relevant context where necessary. 

    If you require an immediate solution, you can add an exploit mitigation exclusion from Sophos Central for the particular game executable that launches. Additional information on adding this type of exclusion can be found at the following link. 
    - Exclude an application

    The easiest way I found to obtain the full path/exe needed for the exclusion is to:

    1. Open Task Manager
    2. Launch the game/app
    3. Expand "Battle.net,"
    4. Right-click the application (e.g., Wow) to view the properties of the application.
    5. Populate the full "Location" and "exe" into the exclusion UI.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids