I need a resolution for this false positive that does not completely whitelist Excel.
This is directly relevant to the following thread:
This was supposed to be resolved by the end of November.
We need a resolution now.
Rather than replace all your 64-bit versions of Excel with 32-bit versions or vice versa (we only have 64 bit and have the same problems), you could put in an exploit mitigation exclusion until Sophos release an update to address this. I have been told several times that this is in the works but neither the release notes from the past two months nor the feedback here suggest that current versions are able to distinguish this acceptable traffic from anomalous malicious traffic. We use an app called Axiom EPM that was the first one that brought this to our attention but whitelisting its EXEs and directories were sufficient until some of our business analysts started working with Microsoft Power Query for Excel. You may wish to follow up with your account manager in reference to bug ID WINEP-6445.
Rather than replace all your 64-bit versions of Excel with 32-bit versions or vice versa (we only have 64 bit and have the same problems), you could put in an exploit mitigation exclusion until Sophos release an update to address this. I have been told several times that this is in the works but neither the release notes from the past two months nor the feedback here suggest that current versions are able to distinguish this acceptable traffic from anomalous malicious traffic. We use an app called Axiom EPM that was the first one that brought this to our attention but whitelisting its EXEs and directories were sufficient until some of our business analysts started working with Microsoft Power Query for Excel. You may wish to follow up with your account manager in reference to bug ID WINEP-6445.
