We have a couple of computers that are being blocked from a Sharepoint site with the Sophos message "'Lockdown' exploit prevented in Internet Explorer". These computers were able to access the same site yesterday. There were six Windows patches installed last night that may be contributing as some other computers where the patches haven't installed aren't experiencing the "'Lockdown' exploit prevented in Internet Explorer" block when getting to the exact same Sharepoint site. These are the patches that were installed: Cumulative security update for Internet Explorer: February 13, 2018 (KB4074736) 2018-02 Security Only Quality Update for Windows 7 for x64-based Systems (KB4074587) 2018-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4074598) Security Update for Microsoft Office 2010 (KB4011707) 32-Bit Edition Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB4011711) 32-Bit Edition I'm wondering if anyone else has encountered any issues with these patches in relation to Sharepoint and Sophos.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Lockdown' exploit prevented in Internet Explorer accessing Sharepoint site?

We have a couple of computers that are being blocked from a Sharepoint site with the Sophos message "'Lockdown' exploit prevented in Internet Explorer". These computers were able to access the same site yesterday. There were six Windows patches installed last night that may be contributing as some other computers where the patches haven't installed aren't experiencing the "'Lockdown' exploit prevented in Internet Explorer" block when getting to the exact same Sharepoint site.

These are the patches that were installed:

Cumulative security update for Internet Explorer: February 13, 2018 (KB4074736)
2018-02 Security Only Quality Update for Windows 7 for x64-based Systems (KB4074587)
2018-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4074598)
Security Update for Microsoft Office 2010 (KB4011707) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB4011711) 32-Bit Edition

I'm wondering if anyone else has encountered any issues with these patches in relation to Sharepoint and Sophos.

This thread was automatically locked due to age.

Parents

0 Dakota Smith1 over 5 years ago

So this still has not been fixed? Any word from Sophos other than the work-around they've offered?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Dakota Smith1 over 5 years ago

So this still has not been fixed? Any word from Sophos other than the work-around they've offered?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Wing Truong over 5 years ago in reply to Dakota Smith1

We're on version 2.0.3 of Intercept X and still getting the exploit lockdown in IE11 for Windows 7 still.

We've since removed Internet Explorer from the Exploit Mitigation Exclusions since we felt that exposed us to too many things and instead added the financial websites to the Trusted Sites list using GPO.

Hope they release an update soon as our Trusted Sites list is growing.
Cancel
Vote Up 0 Vote Down

Cancel
0 Barb@Sophos over 5 years ago in reply to Wing Truong

Hi,

The rollout for Intercept X 2.0.5 started on Tuesday May 29th and will continue until June 12th (v2.0.4 was re-spun as 2.0.5). Releases are performed in groups, if you contact support, they can assist in getting you moved into a group that already has the update

The release notes and bug fixes can be found here

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 mmacwan over 5 years ago in reply to Barb@Sophos

We have received the update for Intercept X but we are getting the Lockdown exploit for an internal application we run. So it is no longer popping up for IE
Cancel
Vote Up 0 Vote Down

Cancel