This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos cloud endpoint: Multiple users getting "Caller Check Exploit Prevented in Microsoft Excel" when using custom spreadsheets

I need a resolution for this false positive that does not completely whitelist Excel.

This is directly relevant to the following thread:

https://community.sophos.com/intercept/f/information/82464/microsoft-power-query-for-excel---false-flagging-by-intercept-crashes-excel

This was supposed to be resolved by the end of November. 

We need a resolution now.

 



This thread was automatically locked due to age.
Parents
  • Hi,

    The way this problem is handled by Sophos is just mind-blowing!
    From time to time we come to tell us "it's coming" and it has been months that it lasts!
    This is probably because Excel is a little used software.

    I do not understand that you can follow this as badly.

     

    Regards,

  • We have a case open for this as well - Sophos recommends moving the affected machines over to the Early Access program for 2.0. We have been testing internally for a few weeks without major issues (Just the firefox loadlib known issue), so we are pushing out to some of the affected machines this week.

     

    I would not recommend adding a scanning exclusion for any Office products as they are common methods for ransomware...

  • Greetings,

     

    Any updates on this issue?  I have some users who are experiencing this also, submitted ticket with Sophos Support.

     

    Andre

  • Due to the fact that I have users who need to use this feature in Excel, I had to implement this "Workaround".  According to Sophos Support, this issue is being worked by their Dev Team.

     

    I added this location to the Global Scanning exclusion List:

     

    C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel\ Integrated\bin\Microsoft.Mashup.Client.Excel.dll

     

    Seems to be holding up so far :)

     

    Regards,

Reply
  • Due to the fact that I have users who need to use this feature in Excel, I had to implement this "Workaround".  According to Sophos Support, this issue is being worked by their Dev Team.

     

    I added this location to the Global Scanning exclusion List:

     

    C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel\ Integrated\bin\Microsoft.Mashup.Client.Excel.dll

     

    Seems to be holding up so far :)

     

    Regards,

Children