Microsoft Power Query for Excel - False Flagging by Intercept/Crashes Excel

We have a few users that have Microsoft Power Query for Excel installed.  Whenever they enabled the add-in it crashes Excel.  If we disable Sophos Intercept it works just fine.  I can't seem to find where I can whitelist this COM Add-In.  Any ideas?  Sophos continually flags this in RCA as 'Exploit CallerCheck'.

  • In reply to RossFarm Machinery:

    Our Support Case is closed. The update 2-3 weeks ago solved our Problems. But if you have still Problems then open a Support Ticket.

  • In reply to Ecrook:

    I have a case open for this as well.  It's still in dev's hands.  Here is the response from the support agent assigned to my case:

    Dev in the final stages of testing (QA) the fix that they have created for this issue. If all goes well the next scheduled release should be early to mid August.

  • This issue is still crashing my Excel? I have raised a support case but im blocked from adding any details?

    What is the fix for this issue? It is appalling that my users cannot work and yet you are saying its fixed??

  • In reply to Andrew Skinner:

    My case is still in the "open-waiting" status.

  • In reply to John Ellery:

    Good evening John. I am from Sophos.

    We plan to never actually fix this issue.

    In actual fact, our next release is going to stop your telephone from working.... and the one after that will mean you can no other longer use a spoon.

    Yours

    Sophos

  • In reply to Andrew Skinner:

    I only can talk about the experiences in the Environment where the problems happenend. It´s W10 Excel2010+Powerquery and Sophos Central Endpoint Standard + Intercept X. And after the update in July the "CallerCheck Exploit" False Positive still happened but now the Exploit Exclusion for this particulary false postive is working. 

  • In reply to Ecrook:

    At least two of my users are getting this error even though he is using the supposedly fixed version of HitmanPro (593).  One user is trying to open a SQL database through Excel 2016.  He says it's been working for weeks and he just got the error today.  I've added the Exploit Exclusion for this particular false positive, but it's not working for him.  WTH!

     

    Cathy

  • In reply to Cathy Hooper:

    Hi All, 

    We identified the issue with the callercheck for the Excel ( WINEP-9533) and the issue is still with the dev team. If you have any similar issues reported in any of the cases, please do DM the case ID's so that we can have a look into it.

  • In reply to Gowtham Mani:

    DM?

    This is a show stopper for a major project, and only showed up yesterday after months of using the functionality.  What changed? When can I get a fix?

  • In reply to Cathy Hooper:

    Hi Cathy, 

    Please do DM the case ID so that we can have a look at it and the issue is being addressed by dev team.

  • Hi SecBug,

     

    We are encountering this kind of problem power query detected exploit as "callercheck" since we have migrated to cloud using Intercept-X even I exclude the exploit to the Global Policies. still it detects and blocks.

    I already report the issue to Sophos.

     

    Do we have any workarounds here?

     

    Thanks,

     

    Louis