Sophos blocking "iLok" licensing application

We run a small licensing application on a server, and the same client runs on student PCs in our media lab. The application named "iLok" started failing a few weeks ago, and after some investigation it is Sophos blocking it. We found by trial and error that if we turn off "Exploit Mitigation", iLok runs without an issue. I added several different exploit mitigation exclusions from Sophos Central using wildcards, but the program still fails. Any suggestions on how to locate what additional files or executables need to be excluded?

Program Information:

C:\Program Files (x86)\iLok License Manager - program directory

C:\Program Files (x86)\Common Files\PACE - service directory (service runs the following:  "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation)

I used wildcards for most of the exclusions, could that be the issue? For example the exploit exclusion I added: C:\Program Files (x86)\Common Files\PACE\*

Waiting on Sophos Support to assist, but wanted to see what the community thought. When it tries to run it gets the following error.  Turning off exploit mitigation it starts working correctly on every machine, including the server.



[edited by: GlennSen at 2:19 PM (GMT -7) on 3 Sep 2024]
  • Hi Josh,

    Thanks for reaching out to the Sophos Community Forum.

    When you populate an Exploit Mitigation Exclusion, the exclusion UI looks for the specific executable you want to exclude. If you've entered your exclusion leaving it open-ended with no executable specified, it will not work. 

    I'd suggest trying something like this: "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe"

    Are you seeing any detections or warnings raised from Sophos when these issues occur, or is the issue only evident in iLok?

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
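
One way to find the executables to enter individually, as the reply above suggests. This is an added example, not part of the original thread or any Sophos tooling. It assumes the two install directories given in the question and an elevated PowerShell session, so that process paths are readable; the helper name `Test-UnderRoot` is hypothetical.

```powershell
# Added example: enumerate every executable under the iLok/PACE directories so each
# can be entered as a full-path exclusion instead of a directory wildcard.
# The two root directories are the ones quoted in the original post.
$roots = @(
    'C:\Program Files (x86)\iLok License Manager',
    'C:\Program Files (x86)\Common Files\PACE'
)

# Hypothetical helper: true when a path or command line refers to one of the roots.
function Test-UnderRoot([string]$Text) {
    if (-not $Text) { return $false }
    foreach ($r in $roots) {
        if ($Text.IndexOf($r, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 1. Executables on disk, with Authenticode status as a sanity check before excluding.
$onDisk = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Not found: $root"; continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Source = 'Disk'
                Path   = $_.FullName
                Detail = "$($sig.Status) / $($sig.SignerCertificate.Subject)"
            }
        }
}

# 2. Services whose command line points into those directories (LDSvc.exe in the post).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnderRoot $_.PathName } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Path = $_.PathName; Detail = "$($_.Name) ($($_.State))" }
    }

# 3. Processes currently running from those directories (run while iLok is open).
$running = Get-Process | Where-Object { Test-UnderRoot $_.Path } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Process'; Path = $_.Path; Detail = "PID $($_.Id)" }
    }

# Combined candidate list: one row per source and path.
@($onDisk) + @($services) + @($running) |
    Sort-Object Path, Source -Unique |
    Format-Table -AutoSize -Wrap
```

Review the signer column before excluding anything: an unsigned or unexpectedly signed binary in these directories is a reason to investigate rather than exclude.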