Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

how to exclude application from HMPA DLLHijackGuard

We have an application that is found safe from Sophos Labs Team.

How would I exclude it in Central?

I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck.

Mitigation   DLLHijack
Policy       DLLHijackGuard
Timestamp    2024-04-25T08:10:10

Platform     10.0.22631/x64 v3 06_ba*
PID          12588
Enabled      0BF820B040000000
Silent       0080000000000000
Application  C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe
Created      2024-04-24T08:13:57
Modified     2018-01-21T16:17:13
Description  Snipaste 1.16.2

OUTBREAK MODE

\??\C:\Program Files\Snipaste-1.16.2-x64\MSVCR120.dll blocked from loading, loading from \??\C:\Windows\system32\ instead


Process Trace
1  C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe [12588]
2  C:\Windows\explorer.exe [11288] *

Thumbprint
59c2a25884fd69881920579a1c16d3dd987eeacf60ef10225c0a707de268bf17
Module based thumbprint (pfn-mod)
650a5519ca3fd4bdfee606715eb323173d885d2c5742de59feeb6f182134e3ac
Process based thumbprint (pfn)
c477db6f5b0ce224ce79670cf53e2806b8dbade1a802ccb762db19e4b9113445



Edit tags
[edited by: GlennSen at 7:48 AM (GMT -7) on 1 May 2024]
Parents Reply Children
No Data