ROP exploit prevented

Question

Hi 
 I have the same issue as the users in this thread. 
 https://community.sophos.com/community-chat/f/discussions/108211/rop-exploit-prevented-in-microsoft 
 Our users are trying to use a VoIP tool called VoIPOffice Communicator and Sophos is blocking them, we've been using this application for years now and the flag is a false positive for sure. 
 All the links provided for a workaround in the above URL is null and void. 
 I have added FOUR exclusions to Sophos Central now, but this is still being blocked. 
 Please help. 
 Thanks Steven

Qoosh · Answer

Hi fnanfne , 
 Thanks for reaching out to the Sophos Community Forum. 
 If you see unexpected detections come up on a device, I suggest trying to install the Intercept X Hotfix Package . 
 If this also does not work, you may want to try using steps under " Stop checking for a specific exploit on an application ". If you can look into the Windows Event Viewer to share the output from "Event ID 911" this will also provide more context on why the detection is being generated. The same information can also be found by clicking the "Details" button on the detection event from Sophos Central. 
 Sometimes this can be due to add-ons or 3'd party applications that interact with your Office apps.

fnanfne · Answer

Hi all thanks for the replies. 
 We don't use Sophos Firewall Wayne, so it can't be that. 
 It appears to have been some replication/delay issue. I touched base with the affected users the following day, and they said they are now able to open the application previously blocked by Sophos. 
 This delay is somewhat annoying as I did get the user to update the Sophos agent on their laptop quite a few times, and got them to reboot their machine as well. I also tried to update directly from Sophos Central but all of this was to no avail. 
 Thanks again for the input.

ROP exploit prevented

Submitted a Tech Support Case lately from the Support Portal?