Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 10 subscribers
  • Views 7731 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lockdown preventing valid application from running

Ken Etter

I have an application that was updated and now Sophos is blocking it from running.  In the Win10 Event Viewer, HitmanPro.Alert Events, I see Mitigation: Lockdown on application javaw.exe.  The actual application is a java app that is called from a web browser.  If I remove Sophos from the PC, it works perfectly.  I have tried a mix of global exclusions and local policy exclusions and nothing appears to have any affect on the computer.

If I look in the Threat Analysis Center, the processes listed are chrome.exe, zcchelper.exe, and javaw.exe.  But file exceptions for zcchelper.exe and javaw.exe don't help.

Any suggestions for fixing this?  At this point, I am planning to remove Sophos from my Management PC so I can do my job.  I've been running Sophos AV for ages and this is the first time I have ever had it prevent me from actually doing legitimate work.  It is a bit frustrating.

Thanks in advance for any help.
Ken



This thread was automatically locked due to age.
  • 0 in reply to Ken Etter

    But wouldn't using the Exploit Mitigation exception for "javaw.exe" be very similar to disabling "Protect Java application"? I mean it would technically be only the one executable of the java family. It wouldn't be as broad as the previous solution though.

  • 0 in reply to FPTHE

    I just worked on this some more to tighten things up.  Turns out GPTool.exe and ZCCHelper.exe do not need to be excluded, so I deleted the exceptions for them.  I modified the javaw.exe exception to include the exact path.  It is located in the ZENworks folder.  So yes, it is similar, but disabling "Protect Java application" opened up all of Java and the exception as I now have it is limited to this one executable in this one location.

    I do wish I could just select the thumbprint like I have in the past, but it appears Sophos has changed something, so this is the best I can do at the moment.  Although I am open to suggestions if anyone has any.

    Ken

  • 0 in reply to Ken Etter

    Thank you Ken for sharing what you found out.

    We will create that exception on our end too.

    Florian

Unfiltered HTML