False positive - Exclaimer Signature Manager

We have an open ticket for this (reference 7379239), but haven't had much response so far.


Windows 2012 R2 AD

Clients: Windows 7 (some Pro, some Enterprise, mix of 32-bit and 64-bit)


Software: Signature Manager generates Outlook signatures based on policies and information in AD. These are stored on a file share on an application server as compressed archives.

Clients run a small executable from the logon script. This connects to the share, downloads the current archive and unpacks it to the user's Signatures folder in their profile.

This worked fine until 27 June, from which point InterceptX started identifying the executable as ransomware.


The last response we had from support was on 29 June when it was agreed to transfer the ticket to UK support.


I've looked in sophserv.sophos.com, but the ticket isn't visible there.


Any suggestions?