Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 13904 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Endpoint and intercept X Install - Office 365 getting SysCall blocked on all apps

John Maki

After i installed the software now Excel, Outlook, Internet Explorer etc all get blocked for "'SysCall' exploit prevented in IE". I can add a global application exception, but that doesn't solve the issue as it leaves the office apps unprotected.

 

Windows 10

Office 365

Intercept X - 3.6.14



This thread was automatically locked due to age.
  • 0

    I have a few users who are having Outlook issues (Windows 10 Enterprise x64). 

    I created a GPO to change the value of DWORD Caller in HKLM\SOFTWARE\HitmanPro.Alert\_profiles_\Office from 1 to 0. Restarting the HitmanPro.Alert service allowed Outlook to start.

    Occasionally, for those users, I have to restart the HitmanPro.Alert service again (no registrry changes) following a PC reboot so they can open Outlook.

    I have a case open with Sophos on this issue. 

  • 0

    The number of affected users who cannot start Outlook is growing. Some of them can get Outlook to start by rebooting their PC. Others have to wait until I can restart their HitmanPro.Alert service. 

    Sophos support -- I'm still waiting for a follow-up call from the escalation engineer. My case number is 7837673.

  • 0 in reply to JoeStern

    Not sure if you got your issue resolved in the meantime. For Office365 slowness or inability to start - try one to exclude the "OfficeClickToRun.exe" Process from O365 from AV scanning (not Exploits)

    I found in one case a client running O365, Intercept X together with a 3rd party AV solution. In my case Opening of a small Excel document out of Outlook took up to a minute (or even longer) on a affected client- without any visible hint or obvious reason, and office programs startup.

    No idea why, but after (File or Folder (Windows)) excluding the OfficeClickToRun.exe process, which usually is found under "C:\Program Files\Common Files\microsoft shared\ClickToRun\" those client the Office 365 programs started quickly, and opening of the documents was quick as expected.

    Maybe it might work for the one or other guy here in the forum too.

    There also might also be other ClickToRun issues if I read posts like this here:M$ Technet Forum about a CLR issue

    /Sascha

  • 0

    Ok so we found the issue. It seems in my particular case since i was testing out multiple Endpoint solutions that Palo Traps and Sophos did not work well together. Removed Traps and it works fine. Also had to upgrade to a newer client. Apparently mine was a Beta verison for endpoint and intercept x. Thanks everyone!

Unfiltered HTML