Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 23 replies
  • Subscribers 19 subscribers
  • Views 128754 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central / Intercept X and Skype for Business

Silvio F

Hey there,

 

We have some Major issues while using Sophos Central Endpoint / Intercept X and Skype for Business. Every time someone wants to start a videocall our SfB Client is crashing. There is no entry in the Sophos Eventlog that something blocks SfB or something issn´t permitted. SfB Calls without Video does´nt causing any Errors or Crash. If we deinstall the Sophos Agent everything is fine.

Does someone have similiar Problems and mabye a practical Solution for this Problem.

 



This thread was automatically locked due to age.
Parents
  • 0

    Ahahahaha! I cannot believe i have been dealing with this for weeks now and its actually sophos causing all the problems. I guess this is why they recommend disabling virus scanners while you are troubleshooting. Luckily i got lucky, because while i was waiting for office to reinstall i searched around and found this thread on technet:

     

    https://answers.microsoft.com/en-us/msoffice/forum/msoffice_sfb-mso_other/sharing-video-crashes-skype-for-business-and-skype/23db9c16-fc97-4645-9eb5-898165aa1433

     

    Where they finger, sophos and specifically intercept X which we yes, coincidentally deployed around the same time we started noticing this issue.

    I havent tried any work around yet, but sophos really? you need to fix this. Having some work around or having to exclude executables is BS. Is this block even logged anywhere on the sophos console? how the heck could people assume an application crash has to do with sophos? seeing as skype for business isnt the most stable application at the best of times, im sure most people would blame skype first.

    And this isnt some rinky dink application, its the most popular video conferencing application out there today for business! its simply unbelievable that you have known about this problem for months now and not done a damn thing to address it.

     

    https://software.intel.com/en-us/forums/intel-media-sdk/topic/591864

     

    edit: the workaround of excluding skype for business did work. But it was a bit hard to find.

    1) log into sophos central console

    2) click on MY product -> Endpoint protection

    3) click settings

    4) configure -> settings

    5) Endpoint Protection - Exploit Mitigation Exclusions

    6) add "skype for business" from dropdown list (i know not where this is populated from)

     

    of course it means that a virus writer need only to fake an executable to be skype for business and then they get in. I will echo the other posters alarm at having to exclude software from the virus scanner as a recommended resolution. This is obviously a false positive or a bug and should be fixed ASAP. Man hours are being lost troubleshooting this ridiculousness which is costing everyone time and money. Not to mention the amount of failed video calls calling into question our entire skype for business system over the last few weeks and having people lose confidence in the system, which sometimes takes YEARS to earn back.

    Its simply unacceptable!!!!

     

     

Reply
  • 0

    Ahahahaha! I cannot believe i have been dealing with this for weeks now and its actually sophos causing all the problems. I guess this is why they recommend disabling virus scanners while you are troubleshooting. Luckily i got lucky, because while i was waiting for office to reinstall i searched around and found this thread on technet:

     

    https://answers.microsoft.com/en-us/msoffice/forum/msoffice_sfb-mso_other/sharing-video-crashes-skype-for-business-and-skype/23db9c16-fc97-4645-9eb5-898165aa1433

     

    Where they finger, sophos and specifically intercept X which we yes, coincidentally deployed around the same time we started noticing this issue.

    I havent tried any work around yet, but sophos really? you need to fix this. Having some work around or having to exclude executables is BS. Is this block even logged anywhere on the sophos console? how the heck could people assume an application crash has to do with sophos? seeing as skype for business isnt the most stable application at the best of times, im sure most people would blame skype first.

    And this isnt some rinky dink application, its the most popular video conferencing application out there today for business! its simply unbelievable that you have known about this problem for months now and not done a damn thing to address it.

     

    https://software.intel.com/en-us/forums/intel-media-sdk/topic/591864

     

    edit: the workaround of excluding skype for business did work. But it was a bit hard to find.

    1) log into sophos central console

    2) click on MY product -> Endpoint protection

    3) click settings

    4) configure -> settings

    5) Endpoint Protection - Exploit Mitigation Exclusions

    6) add "skype for business" from dropdown list (i know not where this is populated from)

     

    of course it means that a virus writer need only to fake an executable to be skype for business and then they get in. I will echo the other posters alarm at having to exclude software from the virus scanner as a recommended resolution. This is obviously a false positive or a bug and should be fixed ASAP. Man hours are being lost troubleshooting this ridiculousness which is costing everyone time and money. Not to mention the amount of failed video calls calling into question our entire skype for business system over the last few weeks and having people lose confidence in the system, which sometimes takes YEARS to earn back.

    Its simply unacceptable!!!!

     

     

Children
  • 0 in reply to givemecontrol

    I agree with the fact that nothing has been done about this is unacceptable. The intel graphics DLL is what pops up as an exploit however pushing out the reg fix that was posted works for the most part. We used GP to apply that regrix upon signing in. This resolved the issue, however this still needs to be address in further versions of Sophos. 

    Putting an entire application in an exception list isn't really a fix as it can open up major vulnerabilities. However the regfix doesn't so i would recommend the regfix rather than putting the entire application in the exceptions list. 

Unfiltered HTML