Jump to content
abytedifferent

Sophos Incompatibility?

Recommended Posts

Greetings, 

 

I have just started to using Immunet as a secondary scanner in my k-12 organization. When installed, Sophos AV triggeres most productivity executable as a SysCall Exploit. (Office and Acrobat reader mostly) I have also trimmed down Immunet to have everything "OFF' however the only way to prevent this from issue from occurring is to disable the exploit mitigation portion of Sophos. We were really attracted to the Immunet product as it worked with existing AVs. Is there a known incompatibility between Immunet and Sophos (with intercept-X)?

 

Sophos Logs:

____________________________

Mitigation   SysCall

 

Platform     10.0.15063/x64 v604 06_3d

PID          2232

Application  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

Description  Microsoft Word 14

 

Reason       NTDLL32 Bypass

Callee Type  ProtectVirtualMemory

 

0x02D3000C  c21400                   RET          0x14

 

Process Trace

1  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2232]

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\***\***\***\***.doc"

2  C:\Windows\explorer.exe [9024]

3  C:\Windows\System32\userinit.exe [7692]

4  C:\Windows\System32\winlogon.exe [1032]

winlogon.exe

____________________________

 

thanks!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...