[KB1350] Sophos Anti Virus blocks ClickShare client (Troubleshooting)

Short Description

Sophos Anti Virus blocks ClickShare client

Answer

Add the ClickShare client into your White list of Sophos.

 Sophos Anti-Virus for Windows 2000+
Enterprise Console

What to do

When you receive an alert about a specific file or program, you must decide whether to authorize it. The desktop alert on the local computer and the 'Alert and error details' tab in Enterprise Console both provide a link to more information about the potential threat.

To allow a group of users on your network to open the file or program, use Enterprise Console to authorize it. If you would like to allow access to this one computer only, authorize the file or program in the local computer.

1. Authorizing suspicious items in Enterprise Console

  1. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to allow to access the item:
    • Find the group in the Groups pane.
    • Right-click and select View group policy details.
  2. In the Policies pane, double-click 'Anti-virus and HIPS'.
  3. Double-click the policy you want to change.
  4. In the 'Anti-virus and HIPS policy' dialog box, click 'Authorization'.
  5. In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
  6. Find the file or program that has been detected and move it from the 'Known' list to the 'Authorized' list.
  7. Click 'OK'.

2. Authorizing suspicious items on the local computer

  1. If displayed, right-click the Sophos shield in the system tray and select ‘Open Sophos Endpoint Security and Control’ (or launch from Start|Programs|Sophos|Sophos Endpoint Security and Control).
  2. Select 'Configure anti-virus and HIPS'.
  3. Select 'Authorization'.
  4. In the Authorization Manager window, select the tab for the type of behavior that has been detected, e.g. Buffer overflow.
  5. From the 'Known adware or PUA's' list locate the program that has been detected and move it to the 'Authorized adware or PUA's' list.
  6. Click 'OK'.

Tags: ClickShare • PQM • Sophos • antivirus • dll injection