
Exploit APCViolation - Executables including "SophosClean.exe"

community.sophos.com/.../128101

In case anyone else runs into this and is looking for answers. Since 8:00pm CST on 1-12-2018 we are receiving "APCViolation" alerts blocking all sorts of executables - explorer.exe, sophosclean.exe, svchost.exe...

According to support, this is caused by the recent update to help mitigate "... a very recent method of attack." For the machines that have this problem, roughly 100 out of 1000 machines, the only differentiator that I can tell is Netmotion VPN software. These machines are anywhere from usable with virus alert popups in the corner, to unusable with explorer constantly crashing and restarting.

I will update this when we have the issue resolved.



  • We too have been battling this issue all day today.  They say they have fixed the problem, but computers that use Netmotion are unable to access the Internet to get the update.  We have found that removing the current version of Mobility and installing the newest version fixes the issue.

  • Tony - thanks for the tip!  What version was installed, and what version did you go to?  We are currently on 10.72.56065 (apologies, I went off memory; this is the corrected version number) - we did not try updating versions, but in our case, thankfully, we did not need to.

     

    Also - see my reply above, you may want to try pushing the key I mentioned and rebooting.  That was all we needed to get them back online.

  • Sorry, long day.  We were on 10.72 and we updated to 11.31.  The problem we have had and are still having is trying to get the old version uninstalled.  We have successfully run the office cleaner tool from a command line to remove the old version.  Just running the new version upgrade does not work, as Explorer keeps restarting.

  • Thanks for that script.  It is working for us as well from a thumb drive.  Then we can more easily deploy the new version of Mobility via SCCM.
