Sophos & XLS Padlock

KenPascoe

KenPascoe

New member
Howdy All

I looking for a utility to distribute an Excel workbook in a secure format, and I’m evaluating XLS Padlock vs LockXLS (and Spreadsheet Sentry) and also considering an Excel Compiler as well. Any input would be welcome - my client is concerned about the data stored in the tables in hidden worksheets more than the formulas used to calculate. I’m not concerned about the VBA code that much except where it pertains to permitting access to the worksheet data. In any event I will deploy the result as securely as I can, including hiding the VBA editor. I’m working through the XLS Padlock Manual now. So nice to have an offline PDF to work with. Kudos for that.

In the short term however - I run Sophos on my computers and nothing I do so far has permitted me to open the EXE file created by XLS Padlock. The equivalent file from Lock XLS tripped the Sophos as well - but I was able to authorise access. So far - no success with the XLS Padlock EXE (query to Sophos logged). If anyone has any suggestions, please advise.

Also I would like to discuss XLS Padlock with anyone who has any spare time at the moment and has been using it for a while. Specifically how secure it is; and whether this is a good solution or should my client be looking at a compiler version instead. This is a short term deployment as eventually (6-12 months) the workbook will be re-developed as a web based solution.

Thanks again, Ken
 
Do you use Sophos antivirus or their specific InterceptX software?
As you know, Excel has never been designed to store sensitive data efficiently.
You can try to get an acceptable way by storing sensitive data within hidden sheets as you said (and in XLS Padlock, it’s possible to make hidden sheets remain hidden by forbidding access to the VBA editor and, of course, with no access to the original Excel workbook file).

For a third-party review of XLS Padlock, here is a screenshot:

And the link to the course in question:
https://www.udemy.com/course/excel-to-exe-make-secure-windows-applications-from-excel/

You can also try to contact Dan @excelvbaisfun on this forum.
 

Attachments

  • image.png
    image.png
    65.1 KB · Views: 0
Howdy

Ok, well getting an answer back this quickly is a great start - thanks.

I use Sophos Home. I have had an answer from them with things to try and will get onto that and pass it along here if it works. At some point if would be good to know why the EXE produced by Padlock is stopped by Sophos but the XLSLock one not as badly.

In any event thanks also for the review. To be honest I was ok with XLSLock but was doing some due diligence. While XLSLock seeks adequate - the interface is dodgy (spelling, layout, just the basics!) and Padlock just seems more professional. If I can solve this virus problem (on my machine and where-ever it ends up) then it seems a better way to go.

Thanks, Regards Ken
 
Howdy

Sophos have told me to do the following. It’s a pretty serious degradation of my firewall/virus scanner which concerns me somewhat. For whatever reason (please don’t read anything disparaging into this) but the LockXLS file required approval to run from Sophos, but that was it. For whatever reason after several approvals I can get the PadLock file itself to run but as soon as Excel starts to run with it - Sophos kills it and I can’t get any further along without resorting the to the following.

I am wondering if signed code would make the difference. is there anyway I can test sign me EXE to see if Sophos will let it through any more easily? Or - any other suggestions?

Thanks, Ken
You need to follow the article below, step by step to fix this issue.

Adding local exclusions/Allowing Installations and/or applications to run
(Restart the PC after each step and reproduce the issue)

*First, add a local exclusion for XLS Padlock and see if that fixes the issue. *

If the first step didn’t work then remove MS Excel from the protected application and see if that fixes the issue. ( Sophos does not recommend to turn off protections for applications. These steps shall be performed at your discretion. )

Disable Exploit Mitigation protection will be the last step to resolve the issue. ( Temporarily disabling exploit mitigation leaves your computer vulnerable during this short time. Please perform these steps at your own discretion. )

*All of the above steps are in the article on how to do it. I would also recommend submitting a sample to the Sophos lab to further investigate this. *

How to submit samples of suspicious files/ false positives to Sophos

Please let me know if this doesn’t work for you.
 
Signing code definitively helps with antivirus software, but in case of Sophos InterceptX (anti-exploit), it looks like they don’t allow our software XLS Padlock to hook into the Excel.exe process, while any other antivirus accepts it.
It looks like to be a bug into their own code hooking implementation, but they did not fix it, although they are aware of the problem. As you posted, they even wrote an article with a temporary solution about that problem.
As said before, other antivirus Norton or McAfee which also implement Exploit Mitigation protection do not cause Excel to crash when XLS Padlock is run. Hopefully, we might find a workaround, but the problem seems not to lie in our code.
 
Ok, that’s a little disapointing (of Sophos). I’ll disable my scanner to do some testing of the EXE and see how it works on some of the systems I need i to work on. Thanks again for the quick reply.
 
Update.

I’m, still stuck with the following two images. I have uploaded diagnostics to Sophos for analysis. I’ve tried turning off real time protection and that doesn’t solve the issue.

More to come …

Ken

1

2
 
It’s because Sophos prevents XLS Padlock EXE file from hooking some Windows APIs in the Excel.EXE process. It’s not due to the real-time scan engine of Sophos, but rather to their HitmanPro.Alert or InterceptX part that tries to protect Excel from exploits.
 
Ok - got Sophos sorted, and working with the product now - thanks very much. Hopefully we’ll be making a decision and an order this week.

Regards Ken
 
That’s very good news indeed. Did you get an information from them or you just updated the Sophos software?
 
There was a little finger trouble on my part working out exactly what to disable to get it working. But basically I had to turn off the sections of Sophos that were causing trouble. They have told me their developers are looking at it - we’ll see.

The client is evaluating the result and are please with the model of making encrypted workbooks that can be passed around. However I had some questions over compatibility elsewhere in the forum when you have time.

Thanks again, Regards, Ken.
 
The developers have identified the issue and will address it in a future release. In the meantime you can continue with the workaround we identified.

Once the fix is live it will be in the release notes for the new version.
 
No problem. Please note that some of the following may not be required - it’s just where I’ve ended up. Sophos have advised they are looking at changes to the software - I will report back further if they advise of any changes. For the moment I’m just getting this thing out the door - I will start rolling back the disabled protections to see what does a doesn’t work and report further.

Finally - before doing this, do some Googling to identify the risks you are exposed to by turning off these protections.

First - Run the EXE a few times. Each time Sophos stops it with a warning, click to head on into the web interface and Allow/Ignore the activity that caused Sophos to step in. Eventually you get to the point where Excel should be (finally) opening the workbook, and doesn’t.

After that - you need to establish any of the following settings that you haven’t achieved so far. See images at the bottom.
  1. Add the folder into which you’re storing the EXEs in to Exception List under Real Time Protection
  • Protection … General … Real Time Protection
  1. Add the folder into which you’re storing the EXEs in to the Exception List under Malicious Traffice Detection
  • Protection … General … Malicious Traffic Detection
  1. Add the folder into which you’re storing the EXEs in to the Scheduled Scan Exceptions.
  • Protection … General … Exceptions
  1. Turn off Prevent APC Violation
  • Protection … Exploits … Advanced Settings … Prevent APC Violation
  1. Turn Off Excel in Protected Applications
  • Protection … Exploits … Protected Applications , Show Applications … Microsoft Excel
image

image
 
Last edited:
You must log in or register to reply here.
Back
Top