This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HitmanPro.alert and MsOffice

Hi,

It seems that last version of Sophos Endpont Advanced v11.5.2  is crashing MsOffice. Specifically HitmanPro.alert service.

Once service is disabled crashing stops. 

Have following exceptions

Application Control:

 

Exploit mitigation Exclusions.

 

 

Note: Was working perfect before v11.5.2 

There is addons in MsExcel. But no in MsWord.

Both crashing when HitmanPro.alert service is running.

Any help would we appreciated.

 

Regards

Ray



This thread was automatically locked due to age.
Parents
  • Hi,

    I wonder if it's the mitigations?  Looking under:

    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\EXCEL.EXE and HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\WINWORD.EXE (Maybe: HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_sophos_)

    ... I assume they are classified as "Office".  In which case the mitigations applied are configured here:

    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_profiles_\Office

    They are either on (1) or off (0).

    What if you close EXCEL.EXE and WINWORD.EXE, stop the HMPA service.

    Set all of the keys to 0, start the HMPA service and then see if you still have the issue.  Hopefully not.

    Then I would repeat the steps above adding the mitigations until you find the one or combination of options. 

    You do have to re-launch the applications and restart the HMPA service for the new settings to take when done in this way.

    Hopefully this might narrow it down more.

    Regards,

    Jak

Reply
  • Hi,

    I wonder if it's the mitigations?  Looking under:

    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\EXCEL.EXE and HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\WINWORD.EXE (Maybe: HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_sophos_)

    ... I assume they are classified as "Office".  In which case the mitigations applied are configured here:

    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_profiles_\Office

    They are either on (1) or off (0).

    What if you close EXCEL.EXE and WINWORD.EXE, stop the HMPA service.

    Set all of the keys to 0, start the HMPA service and then see if you still have the issue.  Hopefully not.

    Then I would repeat the steps above adding the mitigations until you find the one or combination of options. 

    You do have to re-launch the applications and restart the HMPA service for the new settings to take when done in this way.

    Hopefully this might narrow it down more.

    Regards,

    Jak

Children
No Data