[Updated 18th Jan 2018 - 13:01 UTC]
For the majority of endpoints affected by this issue it was automatically resolved on Saturday 13th Jan 2018. If you are still experiencing issues with 'APC Violation' detections which may cause computer screens to flash, please contact Sophos Support for assistance.
Please note: while the issue may be resolved and files will no longer be blocked, you may have a backlog of messages (popups) that are still queued to be displayed on the endpoint. These messages can be ignored and will stop when the queue has been processed.
You can manually clear this backlog by deleting all the files in: C:\ProgramData\Sophos\Health\Event Store\Incoming
Then reboot the machine to clear any messages queued in memory.
Sophos is aware that a small number of customers have reported multiple detections of 'APC Violation' exploits in a variety of files, including SophosClean.
Applies to the following Sophos product(s) and version(s)
Sophos Intercept X
Legitimate applications being detected causing some applications to crash.
Sophos has confirmed the detections are an incorrect detection (not malicious). A fix for this has been confirmed and is being rolled out to customers automatically now. Please be aware that it may take a few hours to reach everyone. No action is required for this fix to be applied: provided an affected endpoint is online and connected to the Sophos Central console, it will receive the fix.
The fix for this issue will be applied automatically to any affected endpoints providing they are online and able to connect to the Sophos Central Console.
Customers who wish to speed up the application of the fix can use the following instructions to refresh their policies and disable the APC Violation exploit feature.
The rollout has now been completed.