Last modified On 11 March 2015

[KB1350] Why does Sophos anti-virus software stop ClickShare from working? (Troubleshooting)

Short Description

Sophos Anti Virus is blocking the ClickShare client and preventing ClickShare from working. To overcome this add ClickShare to the “white list” of authorized applications used by the Sophos anti-virus software.

Answer

Add the ClickShare client into the “white list” of authorized applications used by Sophos Anti-Virus for Windows 2000+ and Sophos Anti-Virus Enterprise Console, by following the instructions below or requesting from your IT department:
To allow a group of users on your network to open the file or program, use Enterprise Console to authorize it. If you would like to allow access to this one computer only, authorize the file or program in the local computer.

1. Authorizing suspicious items in Enterprise Console

  1. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to allow to access the item:
    • Find the group in the Groups pane.
    • Right-click and select View group policy details.
  2. In the Policies pane, double-click 'Anti-virus and HIPS'.
  3. Double-click the policy you want to change.
  4. In the 'Anti-virus and HIPS policy' dialog box, click 'Authorization'.
  5. In the Authorization Manager window, select the tab for the type of behaviour that has been detected, e.g. Buffer overflow.
  6. Find the file or program that has been detected and move it from the 'Known' list to the 'Authorized' list.
  7. Click 'OK'.

2. Authorizing suspicious items on the local computer

  1. If displayed, right-click the Sophos shield in the system tray and select ‘Open Sophos Endpoint Security and Control’ (or launch from Start|Programs|Sophos|Sophos Endpoint Security and Control).
  2. Select 'Configure anti-virus and HIPS'.
  3. Select 'Authorization'.
  4. In the Authorization Manager window, select the tab for the type of behaviour that has been detected, e.g. Buffer overflow.
  5. From the 'Known adware or PUA's' list locate the program that has been detected and move it to the 'Authorized adware or PUA's' list.
  6. Click 'OK'.

 

Tags: ClickShare • PQM • Sophos • antivirus • dll injection