abytedifferent

Sophos Incompatibility?


Greetings, 

 

I have just started using Immunet as a secondary scanner in my K-12 organization. When installed, Sophos AV triggers on most productivity executables as a SysCall Exploit (Office and Acrobat Reader mostly). I have also trimmed down Immunet to have everything "OFF"; however, the only way to prevent this issue from occurring is to disable the exploit mitigation portion of Sophos. We were really attracted to the Immunet product as it worked with existing AVs. Is there a known incompatibility between Immunet and Sophos (with Intercept-X)?

 

Sophos Logs:

____________________________

Mitigation   SysCall

 

Platform     10.0.15063/x64 v604 06_3d

PID          2232

Application  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

Description  Microsoft Word 14

 

Reason       NTDLL32 Bypass

Callee Type  ProtectVirtualMemory

 

0x02D3000C  c21400                   RET          0x14

 

Process Trace

1  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2232]

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\***\***\***\***.doc"

2  C:\Windows\explorer.exe [9024]

3  C:\Windows\System32\userinit.exe [7692]

4  C:\Windows\System32\winlogon.exe [1032]

winlogon.exe

____________________________

 

thanks!
