Sophos Intercept X Blocking Legitimate Files

Dear All,

Sophos Intercept X has been blocking legitimate files (macro-enabled Excel, .exe files, etc.) as RUNTIME\EXPLOIT PREV events. What are the options I have to avoid this?

1. Exclude Intercept X for specific devices (huge RISK)

2. Exclude Excel from Intercept X (we have global policies and we do not want sub-group policies created for exceptions), so we are left with the option to exclude Excel on all 10K devices

3. In Global - Scanning Exclusions - exclude the event generated for the exploit; however, every detection gets recorded differently and blocks the file with new time stamps

P.S. - Sophos Support states the way Excel macros are created (in our case) is the same as malware behavior, so no luck in having it whitelisted from the signature definition updates.

 

Anyone else faced the same and had better luck in resolving this?



This thread was automatically locked due to age.