Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 13 subscribers
  • Views 8108 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Penpower not work after install sophos endpoint standard and intercept x

MurMan

HI All,

 

I am facing the problem, the penpower doesn't work after installed the sophos endpoint standard and intercept x (sophos central version) on PC. Even I set the the penpower folder in exclusion list (Policy Scanning Exclusions) and update penpower driver. 

Any one has idea?

 

Thanks and regards,

Murphy



This thread was automatically locked due to age.
Parents
  • 0

    Is there a process or processes that are associated with this software?  It maybe a service or services as well?

    Running Process Explorer (technet.microsoft.com/.../processexplorer.aspx) might help to find it/them.  Using the Path, Company Name, etc..

    I suppose the first thing might be to determine the processes involved and work out if it's 32 or 64 bit.

    If 32-bit on 64-bit OS, rename

    C:\Windows\SysWOW64\hmpalert.dll

    to hmpalert.dll.test and re-launch the process.  Does this fix it?

    If it's a 32-bit computer or a 64-bit process on a 64-bit computer do the same with:

    C:\Windows\System32\hmpalert.dll

    This will prevent the hmpalert.dll being injected into processes as a test.

    They key thing is to prove that it is the injection of a DLL into the process is the issue and witch processes are affected.

    Then next step might be to look under:
    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert
    To find reference to the processes involved and see what template is applied.  This will tell you what mitigations are applied.  From there it is possible to toggle through the various mitigations applied.

    Note: In order for the values in the registry to apply once changed manually you would need to restart the "HitmanPro.Alert service" service.

    Given all of this you might be able to say the issue is with ProcessX.exe where mitigation x is applied.  This would be a useful level of information to know.

    Regards,
    Jak

     

     

Reply
  • 0

    Is there a process or processes that are associated with this software?  It maybe a service or services as well?

    Running Process Explorer (technet.microsoft.com/.../processexplorer.aspx) might help to find it/them.  Using the Path, Company Name, etc..

    I suppose the first thing might be to determine the processes involved and work out if it's 32 or 64 bit.

    If 32-bit on 64-bit OS, rename

    C:\Windows\SysWOW64\hmpalert.dll

    to hmpalert.dll.test and re-launch the process.  Does this fix it?

    If it's a 32-bit computer or a 64-bit process on a 64-bit computer do the same with:

    C:\Windows\System32\hmpalert.dll

    This will prevent the hmpalert.dll being injected into processes as a test.

    They key thing is to prove that it is the injection of a DLL into the process is the issue and witch processes are affected.

    Then next step might be to look under:
    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert
    To find reference to the processes involved and see what template is applied.  This will tell you what mitigations are applied.  From there it is possible to toggle through the various mitigations applied.

    Note: In order for the values in the registry to apply once changed manually you would need to restart the "HitmanPro.Alert service" service.

    Given all of this you might be able to say the issue is with ProcessX.exe where mitigation x is applied.  This would be a useful level of information to know.

    Regards,
    Jak

     

     

Children
No Data
Unfiltered HTML