Sophos Windows Shortcut Exploit Protection Tool

This article describes a new Sophos tool that detects exploits in Windows shortcuts. Please note: if you have Sophos Endpoint Security and Control or Sophos Anti-Virus installed, you do not need to download and install this tool, because this functionality is included in those applications.

How it works

The Windows Shortcut Exploit Protection tool runs whenever Windows tries to display an icon corresponding to a Windows shortcut. The tool intercepts this request and validates the shortcut. If the shortcut does not contain an exploit, the icon is displayed.

Otherwise, a message is displayed to the user and extraction of the icon is blocked:

Potential exploit found in shortcut [name.lnk]. Prevented launching file [name.lnk]
For more information, visit http://www.sophos.com/shortcut

FAQ

Can I use this tool if I already have Endpoint Security and Control or Sophos Anti-Virus installed?

You do not need to install this tool if you have existing Sophos security software installed. The functionality provided by this tool exists in the IDE file exp\cplink-a, so you will get no extra protection by installing this tool.

What happens if the same icon is requested in rapid succession?

If the same icon is requested multiple times in rapid succession, the tool suppresses identical messages so that they do not clutter the desktop.

What does the tool consider an exploit?

A Windows shortcut is deemed to contain the exploit if:

  • it is a Control Panel shortcut,
  • and it points to an existing file that can be opened for execution,
  • and neither the shortcut nor the shortcut's target is on the computer's local disk.

Currently, the tool protects only LNK files. PIF file support may be added in a later release.
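
The three conditions above can be sketched as a check over a shortcut's bytes and paths. This is an added example, not Sophos's code: the function names are hypothetical, "local disk" is assumed to mean a drive letter the caller lists as fixed, whether the target exists and can be opened for execution is supplied by the caller, and the Control Panel test is assumed to be a search of the shortcut's ID list for the well-known Control Panel CLSID.

```python
import struct
import uuid
from pathlib import PureWindowsPath

# Well-known shell CLSIDs, stored little-endian inside .lnk files.
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
CONTROL_PANEL = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
HAS_ID_LIST = 0x1  # LinkFlags bit 0: a LinkTargetIDList follows the header

def is_control_panel_lnk(data: bytes) -> bool:
    """Condition 1: the shortcut's ID list references the Control Panel."""
    if len(data) < 78 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LINK_CLSID:
        return False  # not a shell link, or truncated
    (flags,) = struct.unpack_from("<I", data, 20)
    if not flags & HAS_ID_LIST:
        return False
    (list_size,) = struct.unpack_from("<H", data, 76)
    pos, end = 78, min(78 + list_size, len(data))
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size < 2 or pos + item_size > end:
            break  # terminator (size 0) or malformed item
        if CONTROL_PANEL in data[pos + 2:pos + item_size]:
            return True
        pos += item_size
    return False

def on_local_disk(path: str, fixed_drives=frozenset({"C:"})) -> bool:
    """Assumption: 'local disk' = a drive letter the caller lists as fixed."""
    return PureWindowsPath(path).drive.upper() in fixed_drives

def is_suspect(data: bytes, lnk_path: str, target_path: str,
               target_executable: bool) -> bool:
    """All three conditions from the FAQ must hold."""
    return (is_control_panel_lnk(data)
            and bool(target_executable)      # condition 2, decided by the caller
            and not on_local_disk(lnk_path)  # condition 3: neither is local
            and not on_local_disk(target_path))

def constructed_sample() -> bytes:
    """Constructed test input: header plus one ID-list item holding the CLSID."""
    header = b"\x4c\0\0\0" + LINK_CLSID + struct.pack("<I", HAS_ID_LIST) + bytes(52)
    item = b"\x2e\x00" + CONTROL_PANEL  # leading type bytes are placeholders
    item = struct.pack("<H", len(item) + 2) + item
    return header + struct.pack("<H", len(item) + 2) + item + b"\0\0"
```

On a real system, `fixed_drives` would be filled from the operating system's drive-type query rather than hard-coded.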

How is the tool installed?

The tool is installed and uninstalled using Microsoft's Installer. It can be installed on Windows XP, Windows Vista and Windows 7. It does not support Windows 2000.

For more information

If you would like to view more information about this exploit, visit The Windows Shortcut Exploit page on the Sophos website.

Support and guidance

If you do not have a valid Sophos license for Endpoint Security and Control or Sophos Anti-Virus, please visit the SophosTalk forum for support and guidance.

If you are currently a Sophos customer with Endpoint Security and Control or Sophos Anti-Virus, please use the link below to contact Sophos Technical Support.

How can I uninstall the tool?

Use Add/Remove Programs to remove the tool.

If you need more information or guidance, then please contact technical support.