
Increase of Exploit ROP being caught in Microsoft Surface Pros

I am noticing a trend in the Root Cause Analysis on Sophos Central. Several end-user Surface Pros are getting flagged with Exploit ROP. When I checked with one user, he said he was getting the warning message right after login.

This has been happening for about a month, which was about when Microsoft pushed out the Fall Creators Update. So, I think these errors may be tied to that. Are any other community members seeing this issue?

 

Thanks,

Rick



  • Hi Rick,

    We have had similar issues pop up.

    Can you confirm whether you still face the problem, as we've rolled out newer versions of Intercept X since then?

    If yes, please gather SDU logs (http://www.sophos.com/support/knowledgebase/article/33533.html) and keep them ready to share with us when you raise a call with Support.

    Revert when you have the Case ID.

    Thanks,

    Vikas

  • I think it may have to do with the Windows 10 cache (perhaps a corruption). I am seeing it on Surface Pros and PCs with Windows 10.

     

    I had one user restart his Surface Pro to clear the cache, and that made the detections go away for a while. My next step is to have him restart his Surface Pro once a week before he goes to lunch and see if that puts an end to the detections. Once I confirm it's related to the cache, I will submit my results to Sophos support.