Hi,
I've recently completed limited testing of a new login script based on AutoIt. It's a compiled EXE file, and it runs blindingly fast on every system I tested it on. Even those with SAV installed.
I then released it into a limited amount of computers and laptops in my surrounding area - this is where I've hit an issue. The program performs fine with SAV, as stated, but if the computer has SAV+SCF installed, the SAVService.exe jumps up to 99% usage and stays there until the program exits, and the login script takes approx. 5mins to execute (vs. approx. 5-10secs on any other system).
To begin with, Sophos had logged the file in quarantine as "HIPS/IPConnect-001", so I added my file to the authorized list under AV/HIPS config. I also added its checksum and application to the firewalls allowed applications list. Doing so only prevented the errors from appearing in Sophos, the system was still slowed as soon as the application ran.
If I uninstall SCF, the issue goes away. If I disable SCF (Allow all traffic), the issue does *NOT* go away. And to throw another spanner in the works, if I leave SCF installed, and enabled, *BUT DISABLE* HIPS "Detect suspicious behavior", the program works fine.
Can anyone shed some light on the issue here? Why does Sophos hate my application, but only under certain circumstances? :smileysad:
This thread was automatically locked due to age.
