Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 3744 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with Sophos and Photoshop

Doug Coleman

Sometimes when I'm working with a bunch of files in Photoshop, I get a Sophos randsomware message and Photoshop stops working.

https://storesmart.com/Photoshop_error 16_1of2.jpg

https://storesmart.com/Photoshop_error 16_2of2.jpg

It happens about once a week and I'm trying to narrow down the trigger. I have an action in Photoshop that saves files in bulk, and I think this error occurs somewhere in the middle of that action, after a bunch of files have been saved. After the Sophos message, I cannot save any files at all from withing Photoshop until I restart my computer.

I asked on the Photoshop forums, and someone there said "Sophos is blocking execution of some kind of script associated with Photoshop.exe."

Windows 7

Sophos Endpoint V11.5.2

Photoshop CS5



This thread was automatically locked due to age.
Parents
  • +1

    I don't know much about Photoshop but I see two possible routes to solve this:

    1.
    In Photoshop, can you adjust the rate of this bulk task?  
    Could the processing be made to go slower to the point where you don't see this?
    Does the same task have issues to different destinations? I see it's going to a UNC path? What about if you map a drive to the location and specify that in the batch job?
    Do you see the issue if you chose, say C:\test for example?
    It seems like it's triggering some sort of behaviour that looks similar to how crypto malware might rapidly open/update/save multiple files in a short space of time on a file share.

    2.
    In the Windows event log, when you get the detection from Sophos, does it have a thumbprint in the event details.  I believe you might be able to whitelist this in the registry.  I would suggest dropping Support an email about this.

    Hope it helps.

    Regards,

    Jak 

Reply
  • +1

    I don't know much about Photoshop but I see two possible routes to solve this:

    1.
    In Photoshop, can you adjust the rate of this bulk task?  
    Could the processing be made to go slower to the point where you don't see this?
    Does the same task have issues to different destinations? I see it's going to a UNC path? What about if you map a drive to the location and specify that in the batch job?
    Do you see the issue if you chose, say C:\test for example?
    It seems like it's triggering some sort of behaviour that looks similar to how crypto malware might rapidly open/update/save multiple files in a short space of time on a file share.

    2.
    In the Windows event log, when you get the detection from Sophos, does it have a thumbprint in the event details.  I believe you might be able to whitelist this in the registry.  I would suggest dropping Support an email about this.

    Hope it helps.

    Regards,

    Jak 

Children
No Data
Unfiltered HTML