Sophos Intercept X Blocking Legitimate Files

Dear All,

Sophos Intercept X has been blocking legitimate files (macro-enabled Excel, .exe files, etc.) as RUNTIME\EXPLOIT PREV events. What are the options I have to avoid this?

1. Exclude Intercept X for specific devices (huge RISK)

2. Exclude Excel from Intercept X (we have Global Policies and we do not want Sub Group Policies created for exceptions), so we are left with the option to exclude Excel on all 10K devices

3. In Global - Scanning Exclusions - exclude the event generated for the exploit. However, every detection gets recorded differently and blocks the file with new time stamps

P.S. - Sophos Support states that the way the Excel macros are created (in our case) is the same as malware behavior, so no luck in having it whitelisted from the signature definition updates.

 

Anyone else faced the same and had better luck in resolving this?



  • I don't see any issues with macro-enabled Excel files / Excel files executing macros, so I also think the blocking is caused by the macro itself.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.
