Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 10 subscribers
  • Views 7687 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos blocks Sysinternals Process Explorer and quarantines it as Controlled Application

Rudolf Zorn

I am working in a company with normal User Credentials, and recently Sophos AV didn't get Updates anymore, so I had to let it re-install anew by a tech Admin via Remote.

Right after that, the situation in the title appeared. Process Explorer, which I use now for several years (more than ten), can't be used anymore.

Process Explorer by Mark Russinovich can be downloaded from Microsoft Docs, I cannot understand why it is suddenly a controlled application.

Now, since I am not given any user rights to authorize this program (alledgedly the tech department doesn't know how....) I would like to suggest to remove this software from the list of controlled applications.

Thanks in advance



This thread was automatically locked due to age.
Parents
  • +1

    Hi  

    In the "Application control" policy, applications are authorized by default. System administrators select the applications they want to block. Please check this article to block/unblock the listed application. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hi Shweta, thanks for the answer. So the Admin did not say the truth to me when he said that he didn't block Process Explorer intenional, when I said to him it wasn't blocked before the re-install ? Did he have to activate blocking of this program manually ? -Sadly I couldn't see what he did b/c it was remotely done and I was locked out during the process.

  • +1 in reply to Rudolf Zorn

    I suspect what has happened is in the Application Control policy:

    The person who configured the Application Control policy applied to your device or user checked the "NEW APPLICATIONS ADDED TO THIS CATEGORY BY SOPHOS" option.  So as soon as Sophos added this it was blocked.

    Regards,
    Jak

  • 0 in reply to jak

    Thank you jak ! Of course, as a user, I do not know this configuraton tool. It is most likely what is mentioned in the article that Shweta linked above.

    Why Sophos added this application in 2020 eludes me. It is a proven tool and has, amongst other things, a lower cpu footprint than the regular taskmanager.

    I could use it up to now only without admin rights anyway.

    Interesting detail: The admin I spoke to didn't even know Process Explorer.

Reply
  • 0 in reply to jak

    Thank you jak ! Of course, as a user, I do not know this configuraton tool. It is most likely what is mentioned in the article that Shweta linked above.

    Why Sophos added this application in 2020 eludes me. It is a proven tool and has, amongst other things, a lower cpu footprint than the regular taskmanager.

    I could use it up to now only without admin rights anyway.

    Interesting detail: The admin I spoke to didn't even know Process Explorer.

Children
No Data
Unfiltered HTML