
Sophos Incompatibility?



#1 abytedifferent


Posted 23 September 2017 - 11:32 PM

Greetings, 
 
I have just started using Immunet as a secondary scanner in my K-12 organization. When installed, Sophos AV triggers most productivity executables as a SysCall Exploit (Office and Acrobat Reader mostly). I have also trimmed down Immunet to have everything "OFF"; however, the only way to prevent this issue from occurring is to disable the exploit mitigation portion of Sophos. We were really attracted to the Immunet product as it worked with existing AVs. Is there a known incompatibility between Immunet and Sophos (with Intercept X)?
 
Sophos Logs:
____________________________
Mitigation   SysCall
 
Platform     10.0.15063/x64 v604 06_3d
PID          2232
Application  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Description  Microsoft Word 14
 
Reason       NTDLL32 Bypass
Callee Type  ProtectVirtualMemory
 
0x02D3000C  c21400                   RET          0x14
 
Process Trace
1  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2232]
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\***\***\***\***.doc"
2  C:\Windows\explorer.exe [9024]
3  C:\Windows\System32\userinit.exe [7692]
4  C:\Windows\System32\winlogon.exe [1032]
winlogon.exe
____________________________
 
Thanks!




