Hello there!
Today we had a user who had their Outlook closed as a pop-up from Sophos showed them a notification mentioning DEP. The user lost data, as the draft emails they were typing were lost as well (while they were typing them).
I have found this event in the event logs:
Mitigation DEP
Platform 10.0.16299/x64 v732 06_8e
PID 11744
Application C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Description Microsoft Outlook 16
EIP = 0x13B251E0 : (anonymous)+0x5651E0
State = 0x00001000
Type = 0x00020000
Protect = 0x00000004
13B251E0 8C DB 0x8c
13B251E1 755D JNZ 0x13b25240
13B251E3 40 INC EAX
13B251E4 0100 ADD [EAX], EAX
13B251E6 0000 ADD [EAX], AL
13B251E8 0000 ADD [EAX], AL
13B251EA 0000 ADD [EAX], AL
13B251EC 0000 ADD [EAX], AL
13B251EE 0000 ADD [EAX], AL
13B251F0 0000 ADD [EAX], AL
13B251F2 0000 ADD [EAX], AL
13B251F4 0000 ADD [EAX], AL
13B251F6 0000 ADD [EAX], AL
13B251F8 0000 ADD [EAX], AL
13B251FA 0000 ADD [EAX], AL
13B251FC 0000 ADD [EAX], AL
Process Trace
1 C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [11744]
2 C:\Windows\explorer.exe [9316]
3 C:\Windows\System32\userinit.exe [7264]
Thumbprint
93e57b556a252b2fde83c0ddd219f17a43fefa2d9ee08fcb0cb675c480efc904
Log Name: Application
Source: HitmanPro.Alert
Event ID:911
Any thoughts as to how we can prevent this, or what to check?
Thank you!
N@
****************UPDATE 11/04/2018***************
Product version number: Sophos Intercept X 2.0.2
We only have Intercept X, not the endpoint software.
This happened on a machine which was built in the last couple of weeks, so any Sophos fixes which have been released before then should be on the machine.
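A triage sketch for the event quoted above, added here as an example and not written by the poster or by Sophos. It assumes the event's State, Type and Protect values are the Windows MEMORY_BASIC_INFORMATION fields for the page at EIP; the function names are hypothetical.

```python
import re

# Windows memory constants (winnt.h), as used in MEMORY_BASIC_INFORMATION.
STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
           0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
           0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXECUTABLE = 0x10 | 0x20 | 0x40 | 0x80

# Fields copied from the event in the post above (only those used for triage).
EVENT = """\
Mitigation DEP
EIP = 0x13B251E0 : (anonymous)+0x5651E0
State = 0x00001000
Type = 0x00020000
Protect = 0x00000004
"""

def parse_event(text):
    """Extract the mitigation name, EIP and the three memory fields."""
    fields = {"mitigation": re.search(r"^Mitigation\s+(\S+)", text, re.M).group(1)}
    for name in ("EIP", "State", "Type", "Protect"):
        m = re.search(rf"^{name} = 0x([0-9A-Fa-f]+)", text, re.M)
        fields[name.lower()] = int(m.group(1), 16)
    return fields

def triage(text):
    """Decode the memory fields and say whether the page at EIP was executable."""
    f = parse_event(text)
    base_protect = f["protect"] & 0xFF  # drop modifier bits such as PAGE_GUARD
    return {
        "mitigation": f["mitigation"],
        "eip": hex(f["eip"]),
        "state": STATE.get(f["state"], "unknown"),
        "type": TYPE.get(f["type"], "unknown"),
        "protect": PROTECT.get(base_protect, "unknown"),
        "page_executable": bool(base_protect & EXECUTABLE),
        # MEM_IMAGE means the page is backed by a DLL or EXE; MEM_PRIVATE is not.
        "backed_by_module": f["type"] == 0x1000000,
    }

if __name__ == "__main__":
    for key, value in triage(EVENT).items():
        print(f"{key:17} {value}")
```

Under that assumption, the event in the post decodes to a committed, private, read-write page: execution reached data memory rather than a loaded module, which is the condition DEP stops.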