Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 11766 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Malicious behavior exception?

ViciousMagician1116

I am trying to make a bootable USB stick from an ISO, something I have done for years and yesterday Sophos started stopping it with this message: "'WipeGuard' malicious behavior prevented in Rufus"

 

How can I allow this?



This thread was automatically locked due to age.
  • 0

    If you disable the option in the Web interface: "Master Boot Record Protection" (under Configure - Advanced).

    Then on the endpoint, this toggles the registry key string value:
    HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\
    WipeGuard="off"

    turning it back on will delete the WipeGuard value.

    Does turning this option off help just to confirm?

    Regards,

    Jak

     

  • 0 in reply to jak

    I couldn't find anythig in the Central web site for configure>Advanced or MBR.

    I manually changed that registry entry and it didn't make any difference. 

     

    EDIT:  Ok I did find the setting finally.  End Point Protection>Under Configure "Policies"> selected my policy> Settings >  Turned off "Protect from master boot record ransomware and destructive attacks"   

    Now I was able to make the bootable USB. 

  • 0 in reply to ViciousMagician1116

    OK, just for completeness, local registry modification would always require you to restart the Hitman Pro Service.

Unfiltered HTML