
False positive - Exclaimer Signature Manager

We have an open ticket for this (reference 7379239), but haven't had much response so far.

Environment:

Windows 2012 R2 AD

Clients: Windows 7 (some Pro, some Enterprise, mix of 32-bit and 64-bit)

 

Software: Signature Manager generates Outlook signatures based on policies and information in AD. These are stored on a file share on an application server as compressed archives.

Clients run a small executable from the logon script. This connects to the share, downloads the current archive and unpacks it to the user's Signatures folder in their profile.

This worked fine until 27 June, from which point InterceptX started identifying the executable as ransomware.

 

The last response we had from support was on 29 June when it was agreed to transfer the ticket to UK support.

 

I've looked in sophserv.sophos.com, but the ticket isn't visible there.

 

Any suggestions?



  • We also have this problem, exsync.exe is giving a false positive on some computers (including my own with Windows 10 32-bit installed).

    Is your problem solved or did you get an update on this issue? I am very interested if the problem has been solved in your case.

  • Pascal Steen said:

    We also have this problem, exsync.exe is giving a false positive on some computers (including my own with Windows 10 32-bit installed).

    Is your problem solved or did you get an update on this issue? I am very interested if the problem has been solved in your case.


    If you suspect the detection to be false positive, please contact support with the following details so that it can be fixed.

    1. Information on the application triggering the detection.
    2. A copy of the following folder or gather all folders if multiple folders exist: C:\Windows\CryptoGuard\reverted_xxx
    3. The output of the Sophos Diagnostic Utility (SDU).

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
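
Items 1 and 2 of the list above can be gathered in one pass. The script below is an added example, not code from Sophos or Exclaimer: it records the flagged binary's SHA-256, version and Authenticode signer, then zips every `reverted_*` folder. It assumes PowerShell 5.0 or later and an elevated prompt; `$ExePath` and `$OutDir` are hypothetical parameters, and the SDU output (item 3) still has to be produced separately.

```powershell
# Added example: collect evidence for a CryptoGuard false-positive report.
param(
    [Parameter(Mandatory)] [string] $ExePath,              # flagged executable, e.g. your copy of exsync.exe
    [string] $CryptoGuardRoot = 'C:\Windows\CryptoGuard',  # parent of the reverted_xxx folders named above
    [string] $OutDir = "$env:TEMP\fp-report"               # hypothetical staging folder
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Item 1: identify the exact binary that was flagged. Hash and signer let the
# vendor confirm it is the genuine build and not a tampered copy.
$file = Get-Item -LiteralPath $ExePath
$sig  = Get-AuthenticodeSignature -FilePath $file.FullName
$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$info = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OS               = $os.Caption
    OSArchitecture   = $os.OSArchitecture      # the thread reports a 32/64-bit mix
    Path             = $file.FullName
    SizeBytes        = $file.Length
    LastWriteUtc     = $file.LastWriteTimeUtc.ToString('o')
    ProductName      = $file.VersionInfo.ProductName
    FileVersion      = $file.VersionInfo.FileVersion
    SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    SignatureStatus  = $sig.Status.ToString()
    Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    SignerThumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
}
$info | ConvertTo-Json | Set-Content -LiteralPath (Join-Path $OutDir 'application-info.json') -Encoding UTF8

# Item 2: archive every reverted_* folder, since there may be more than one.
$reverted = @(Get-ChildItem -LiteralPath $CryptoGuardRoot -Directory -Filter 'reverted_*' -ErrorAction SilentlyContinue)
if ($reverted.Count -eq 0) {
    Write-Warning "No reverted_* folders found under $CryptoGuardRoot on this machine."
} else {
    $zip = Join-Path $OutDir 'cryptoguard-reverted.zip'
    Compress-Archive -Path $reverted.FullName -DestinationPath $zip -Force
    Write-Host "Archived $($reverted.Count) folder(s) to $zip"
}

# A missing or invalid signature is worth stating explicitly in the ticket.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Authenticode status is '$($sig.Status)'; mention this in the report."
}
$info
```

Run it on a machine where the detection fired, since the `reverted_*` folders exist only where CryptoGuard intervened.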
