False positive - Exclaimer Signature Manager

We have an open ticket for this (reference 7379239), but haven't had much response so far.

Environment:

Windows 2012 R2 AD

Clients: Windows 7 (some Pro, some Enterprise, mix of 32-bit and 64-bit)

 

Software: Signature Manager generates Outlook signatures based on policies and information in AD. These are stored on a file share on an application server as compressed archives.

Clients run a small executable from the logon script. This connects to the share, downloads the current archive and unpacks it to the user's Signatures folder in their profile.

This worked fine until 27 June, from which point InterceptX started identifying the executable as ransomware.

 

The last response we had from support was on 29 June when it was agreed to transfer the ticket to UK support.

 

I've looked in sophserv.sophos.com, but the ticket isn't visible there.

 

Any suggestions?

  • Same problem here.... Exsync.exe is seen as an exploit on some workstations....

  • In reply to apijnappels:

    Thanks for confirming (always good to know it's not just us!)

     

    Support sent me a link to a pre-release update which appears to have resolved the issue. It's flagged as for test only, not for general release. If you haven't logged it with support, please do - it might help get the update released sooner.

  • In reply to Les Bessant:

    Do you happen to have a support case number or such so I can refer to it in my support call?

  • In reply to apijnappels:

    Yup - our case number is 7379239

  • In reply to Les Bessant:

    There doesn't seem to have been a general release of this update, so we still have the issue....

  • In reply to Les Bessant:

    We also have this problem, exsync.exe is giving a false positive on some computers (including my own with Windows 10 32-bit installed).

    Is your problem solved or did you get an update on this issue? I am very interested if the problem has been solved in your case.

  • In reply to Pascal Steen:

    If you suspect the detection to be a false positive, please contact support with the following details so that it can be fixed.

    1. Information on the application triggering the detection.
    2. A copy of the following folder, or of all such folders if multiple folders exist: C:\Windows\CryptoGuard\reverted_xxx
    3. The output of the Sophos Diagnostic Utility (SDU).