Excel.exe version 16.0.7369.2118 contained by Containment Policy

Noiden · September 27, 2017, 1:51pm

Hi,

Hmm, why is this Excel.exe and also Word.exe from the same version contained? Should they not be Trusted from Comodo?


Name:
EXCEL.EXE
Path:
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Age:
496 days
Hash:
C58F71A63D98D0416B13F13AC14EA22708035F71
Version:
16.0.7369.2118
Size:
32.5 MB


Name:
WINWORD.EXE
Path:
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Age:
496 days
Hash:
B3344B093925B8080D13CE1BB5E525AEFC200158
Version:
16.0.7369.2118
Size:
1.9 MB

Thanks.

nct · September 27, 2017, 4:11pm

We’ve been experiencing the same issue today, but after a few reboots the issue has been resolved. We have also been advised by support to add %windir%\system32\audiodg.exe to shellcode injection exclusions.

Jimmy · September 27, 2017, 6:53pm

Hello @Noiden

We have raised a support ticket in investigating your case. Please reply to our email as soon as possible, Thank you

nct · September 27, 2017, 8:23pm

@Jimmy @Noiden please could you post the outcome of this issue here.

Anna_C · September 27, 2017, 10:43pm

Hello @nct,

Yes we will also post the outcome here.

nct · September 28, 2017, 12:45am

Since notifications don’t always work on the forum, please email me, too.

Anna_C · September 28, 2017, 2:16am

Hello @nct,

We have sent you an email regarding with this case to make sure that you will also be updated.

nct · September 28, 2017, 7:40am

@Anna_C email has not been received, please resend.

Jordan_C · September 28, 2017, 8:00am

Hi @nct ,

I’ve already resent the email. Thank you.

nct · September 28, 2017, 10:32am

We’re also seeing this MS file being contained. It seems to be a new Office update file. Logged with Comodo support who are aware already of the issue C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40955.0_x64__8wekyb3d8bbwe\HxTsr.exe

Jordan_C · September 28, 2017, 11:40am

Hi @nct ,

We’ve already replied to the supported ticket. Thank you.

nct · September 28, 2017, 12:11pm

I’ve now been informed by development the file is now trusted by Valkyrie

Parker · September 28, 2017, 12:26pm

Hi @nct . Thank you for your time earlier and we are glad that it is working now as expected. Hi @Noiden, we had send you an email about your preferred schedule for the session. We will look forward for your response.

ahmetenes · September 28, 2017, 12:46pm

Hello @Noiden ,

The issue is fixed with new CCS Hotfix. Please make sure that you have the latest version of the agent.

https://c1forum.comodo.com/forum/products/other-comodo-products/comodo-device-management/17518-ccs-hotfix-for-auto-containment-of-windows-processes-issue

Thanks
AhmetEnes