ROP Exploit message when the TV component of Windows Media Center is opened

Hi support

I've hit a problem (that others seem to have experienced) of a false positive happening with Windows Media Center. More specifically the main app can run, but as soon as Live TV is clicked the whole app is closed down with the ROP Exploit message. I've tried adding an exclusion to the c:\windows\ehome folder but this either hasn't worked or the exclusion hasn't come down from our Sophos Central admin console. Is this the right way to add an exclusion to allow this app to work?

Many thanks

Tim Rawe

 



This thread was automatically locked due to age.
  • As I understand, one option is:

    You can add the application to the Exploit Prevention Mitigation List as seen below so that it's excluded.

  • Thank you. Interestingly when I first tried this I was just presented with a drop down list of various applications, but not the one I was interested in, so looked elsewhere.

    I then added a scanning exclusion for the relevant folder, and for the file involved. Today, having followed your advice I have the program listed in the exclusions drop down, so hopefully this should fix the issue. Was this entry provided by the exclusion error message or the action of adding the scanning exclusion?

    Thanks again for your help.

  • Well, when you tried adding a scanning exclusion, did you try for a "DETECTED EXPLOIT (WINDOWS)" exclusion?

    My understanding is Sophos blocks certain patterns of application execution as Exp Prev events (most of the time they are false positives). If you find the specific event under the Detected Exploits then you can permit an exclusion.

    However, this may not help as files like Excel are blocked under various scenarios by Sophos like

    -> Macro

    -> VB Execution

    -> Excel triggering from an application, etc.
