We'd love to hear about it! Click here to go to the product suggestion community
All of a sudden this am, a few of my users are reporting that media player classic is crashing to desktop. Sure enough when i try it on their machines its true. temporarily disabling sophos endpoint, and media player classic is working fine.
There is nothing in the logs of the machine, or the event log on cloud.sophos.com (as normal, how hard is it to LOG when sophos DOES SOMETHING...) ffs...
Once i figure out wtf component is doing the blocking, im sure i can whitelist it somewhere. But this is damned annoying sophos... At least i just skip straight to disabling the virus scanner when these things happen because i KNOW if *** just randomly starts breaking whose fault it generally is...
seems like it was the component "exploit mitigation" which does not seem to have a policy.
I have been able to work around this now by whitelisting using "exploit mitigation" ( https://docs.sophos.com/central/Customer/help/en-us/central/Customer/tasks/ep_exploitmitigationexclusions.html )
basically go to settings -> global exclusions -> then add an exclusion of type "exploit mitigation" and find the two media player classic items (32 and 64 bit) and create rules. Was pretty quickly solved after that.
can we work towards not randomly banning mission critical applications please?
In reply to givemecontrol:
Out of interest, what was in the Application event log, Event ID 911?
In reply to jak:
nope it manifested as a straight up crash, ID 1000 Application error
Faulting application name: mpc-hc64.exe, version: 184.108.40.206, time stamp: 0x57800c12Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afdException code: 0xc0000005Fault offset: 0x000000000000f891Faulting process id: 0x2e1cFaulting application start time: 0x01d54c958c666f20Faulting application path: C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exeFaulting module path: C:\WINDOWS\SYSTEM32\ntdll.dllReport Id: 0502082f-99e5-40d4-928f-1d54a21e8491Faulting package full name: Faulting package-relative application ID:
Faulting application name: mpc-hc64.exe, version: 220.127.116.11, time stamp: 0x57800c12Faulting module name: mpc-hc64.exe, version: 18.104.22.168, time stamp: 0x57800c12Exception code: 0xc000041dFault offset: 0x00000000006351d8Faulting process id: 0x30ecFaulting application start time: 0x01d54c94d22ba5b4Faulting application path: C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exeFaulting module path: C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exeReport Id: bc0b6a69-3a47-45fb-8e2d-6c7a8ea534deFaulting package full name: Faulting package-relative application ID:
Might be worth capturing a full process dump when it crashes. I always perform the following steps:
Would you consider uploading the dump file?Regards,Jak
yeah sorry i am understaffed and just fighting fires these days. I dont have time to do this. plus i have to break it again and i am not doing that. We use media player classic to listen to voicemails, as well as being the default audio player for the computer. So it affects many people when its not working.
I am sure i am not the only one, so maybe the next hapless soul who runs across this can do your diagnostics.