Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
Calibre Library is book management software. https://calibre-ebook.com/
False positive is reported. Sophos saying "I'll investigate the logs"
Anyway, I 've already tried to exclusion. But It does not except. Here for the my exclusion list screenshots.
How do I except for Calibre Library? Any advice please?
It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support.
What is the name of the detection?
You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)
If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion.
Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.
In reply to Yashraj:
Yashraj What is the name of the detection?
Not detection. Just blocked deletion process of the Calibre Library. After turing off the “Anti-Ransomware detect” option, the Calibre Library is works normally.
YashrajYou can try excluding the process of Calibre Library and check if that helps.
Yes. I was tried ten or more times. This ways is NOT working. Did you check my screenshot?
In reply to FoW:
Thank you for the video. It has made a lot of things clear.
This issue needs further investigation from our Technical Support team. Can you please PM me your case number so that I can ask them to contact you ASAP?
If you have not registered a case yet, please open a support ticket.
After various requests from Sophos, I received the following reply 40 days ago.
I have already checked this with our GES team and we need a statement from Calibre about what is crashing as we can't debug the crash.
Once, we have a statement given from them, we can work with them directly(Meaning the Dev team can be involved).
Looking forward to hear from you soon.
Ninety days have passed since the first report, but the problem remains.
I would request you to PM me the case number so that I can look in to this.