Sophos cloud endpoint: Multiple users getting "Caller Check Exploit Prevented in Microsoft Excel" when using custom spreadsheets

Just FYI there is a fix coming. I have been working with them to get this working. As it stands the latest version of Sophos includes this fix. The thumbprint of the event stays the same now allowing that exploit itsself to be added to the exceptions list. However for me it still remains an issue. I'm waiting to hear back from Sophos about this. As soon as i've got it working i will share the great news. 

Hi,

Has anyone considered creating a new Application Control policy, adding Microsoft Office suite and Excel as allowed applications?

This seemed to work for me.

It is just a stop-gap solution until a fix is issued by Sophos.

Thanks,

Kwame

That isn't a fix. You can't add MS Office Suite and Excel as exceptions. (Well you can, but if you do you're opening up a WHOLE bunch of vulnerabilities. ) 

Just FYI there is a fix for this coming in the next few weeks. So far the devs have managed to narrow it down and keep the thumbprint the same, whereas before it would change every time making it impossible to create an exception for. Will let you know when the fix is deployed and if it works. 

It's coming! 

Hi,

The way this problem is handled by Sophos is just mind-blowing!
From time to time we come to tell us "it's coming" and it has been months that it lasts!
This is probably because Excel is a little used software.

I do not understand that you can follow this as badly.

Regards,

We have a case open for this as well - Sophos recommends moving the affected machines over to the Early Access program for 2.0. We have been testing internally for a few weeks without major issues (Just the firefox loadlib known issue), so we are pushing out to some of the affected machines this week.

I would not recommend adding a scanning exclusion for any Office products as they are common methods for ransomware...

Greetings,

Any updates on this issue?  I have some users who are experiencing this also, submitted ticket with Sophos Support.

Andre

Due to the fact that I have users who need to use this feature in Excel, I had to implement this "Workaround".  According to Sophos Support, this issue is being worked by their Dev Team.

I added this location to the Global Scanning exclusion List:

C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel\ Integrated\bin\Microsoft.Mashup.Client.Excel.dll

Seems to be holding up so far :)

Regards,

Hey all! 

I can tell you i have a test version which appears to be working fine now with all users. I have been told the fix should be released with an update in the coming weeks. DON'T GIVE UP HOPE! 

Dear,

We have Version - 3.6.8.604 and Major Issues of such kind are resolved

When We had 3.6.3.583 we had Incident Requests Showered.

Thanks

Neel

Good morning,

How do you upgrade from 3.6.3.583 to 3.6.8.604?

Thanks,

Andre