Print Audit 6, Sophos and Windows 7

Issue:

On booting the PC, the Sophos software reported and quarantined the following:

  1. pa6clhlp.exe - detected as exhibiting suspicious behaviour (identified as HIPS/ProcInj-002)
  2. C:\windows\system32\drivers\mchinjdrv.sys - detected as Adware (identified as MadCodeHook)

Solution:

It would appear that Sophos is incorrectly identifying what PA6 does as suspicious. Authorizing the two items in the Sophos Quarantine Manager resolves the situation and allows the PA6 client to work properly. Note that the file (mchinjdrv.sys) will not be found on the hard disk even after Sophos is told to authorize it and remove it from quarantine.

This issue would appear to be specific to Sophos Endpoint Control on 32-bit Windows 7 clients; as far as we can see, it does not occur on XP or on 64-bit versions of Windows 7.
