Intercept X is blocking I/O of the Calibre Library but not reporting it. How do I add an exception?

Calibre Library is book management software. https://calibre-ebook.com/

A false positive has been reported. Sophos says, "I'll investigate the logs."

Anyway, I've already tried adding an exclusion, but it is not excluded. Here are my exclusion list screenshots.

How do I add an exception for Calibre Library? Any advice, please?



  • Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help for supported wildcards and expansion variables.)

    If it is detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection > Policies > Select the threat protection policy applicable on the machine > Exclusions > Add Exclusion.

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

  •  What is the name of the detection? 

    Not a detection. It just blocked the deletion process of the Calibre Library. After turning off the “Anti-Ransomware detect” option, the Calibre Library works normally.

    You can try excluding the process of Calibre Library and check if that helps.

    Yes. I tried ten or more times. This way is NOT working. Did you check my screenshot?

    Thanks.

  • Hi FoW, 

    Thank you for the video. It has made a lot of things clear. 

    This issue needs further investigation from our Technical Support team. Can you please PM me your case number so that I can ask them to contact you ASAP?

    If you have not registered a case yet, please open a support ticket.

  • After various requests from Sophos, I received the following reply 40 days ago.

    I have already checked this with our GES team and we need a statement from Calibre about what is crashing, as we can't debug the crash.

    Once we have a statement from them, we can work with them directly (meaning the Dev team can be involved).

    Looking forward to hearing from you soon.

    Ninety days have passed since the first report, but the problem remains.

  • Hi  

    I would request you to PM me the case number so that I can look into this.

  • Case number is 8560276.

    I've checked Sophos Central & Sophos Home. CryptoGuard can't add an exclusion for Calibre Library, because the self-blocked process is not recognized.

    This is the third quarter since Sophos received the report. The bug hasn't been fixed yet and no feedback has been given to the customer.

  • Hi  

    Thank you for providing the case number. I checked the case and noticed that it was closed on 4th March 2019 due to lack of response. I would request you to open another support ticket mentioning this case number so that we can help you get this issue sorted at the earliest. You can PM me the case number so that I can look into it as well.

  • Hi. The reply was late. At the time I was tired of the administrative process and my license was terminated.

    Luckily I got a Sophos HOME license and created a new ticket over here. It's a ticket for Sophos HOME, but I get the same problem with Intercept X.

    Support Request number: 39334

  • Hi  

    Thank you for providing me the ticket number for Sophos Home. I have asked the concerned team to look into it.