How to exclude an application from HMPA DLLHijackGuard

We have an application that was found safe by the Sophos Labs team.

How would I exclude it in Central?

I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck.

Mitigation   DLLHijack
Policy       DLLHijackGuard
Timestamp    2024-04-25T08:10:10

Platform     10.0.22631/x64 v3 06_ba*
PID          12588
Enabled      0BF820B040000000
Silent       0080000000000000
Application  C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe
Created      2024-04-24T08:13:57
Modified     2018-01-21T16:17:13
Description  Snipaste 1.16.2

OUTBREAK MODE

\??\C:\Program Files\Snipaste-1.16.2-x64\MSVCR120.dll blocked from loading, loading from \??\C:\Windows\system32\ instead


Process Trace
1  C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe [12588]
2  C:\Windows\explorer.exe [11288] *

Thumbprint
59c2a25884fd69881920579a1c16d3dd987eeacf60ef10225c0a707de268bf17
Module based thumbprint (pfn-mod)
650a5519ca3fd4bdfee606715eb323173d885d2c5742de59feeb6f182134e3ac
Process based thumbprint (pfn)
c477db6f5b0ce224ce79670cf53e2806b8dbade1a802ccb762db19e4b9113445



  • For now, as a quick fix, I assume it would work to prevent injection of hmpalert.dll into "C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe".  You can add that as 


    That would prevent all mitigations being performed on the process but I would think should at least work.
