Sophos tries to contact a server on my company VPN

Periodically my outbound firewall, Little Snitch, tells me that Sophos AV for Mac is trying to contact the IP at 10.0.0.98. This would be the address of the DNS nameserver that my company operates over a VPN.

Why would Sophos be trying to contact this server?

  • Just to clarify: Live Protection uses custom DNS requests to contact Sophos regarding suspicious files.  The DNS lookup request is actually transferring the data to be examined to the Live Protection server; the response to this request contains the "good/bad" verdict.  This data does not contain any actual content from your computer, but contains a hash of the flagged file, to be compared to known hashes in the Live Protection system.  For it to work, Little Snitch has to let these queries go through.

    If you have auto-update and live protection disabled, Little Snitch should not be triggering any Sophos-related connection attempts.

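Added example, not part of the thread and not Sophos code: a sketch of a hash-in-DNS reputation lookup of the kind the reply describes, showing that only a file hash travels in the query name and that the verdict comes back in the answer. The zone `lookup.example`, the two-label split of the hash and the `127.0.0.x` verdict encoding are assumptions made for illustration; the real Live Protection format is not given on this page.

```python
import hashlib
import struct

ZONE = "lookup.example"  # hypothetical zone, not the vendor's real domain

def lookup_name(file_bytes: bytes, zone: str = ZONE) -> str:
    """Encode a file's SHA-256 as DNS labels; only the hash leaves the host."""
    digest = hashlib.sha256(file_bytes).hexdigest()  # 64 hex characters
    # A DNS label holds at most 63 bytes, so the hash is split into two labels.
    return f"{digest[:32]}.{digest[32:]}.{zone}"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard DNS A-record query in wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_verdict(response: bytes, query: bytes) -> str:
    """Read the verdict from the first A record (assumed encoding)."""
    rcode = response[3] & 0x0F
    ancount = struct.unpack("!H", response[6:8])[0]
    if rcode == 3 or ancount == 0:
        return "unknown"  # NXDOMAIN or empty answer: hash not known
    # Answer follows the echoed question: ptr(2) type(2) class(2) ttl(4) len(2)
    rdata = response[len(query) + 12:len(query) + 16]
    # Assumed convention, borrowed from DNS blocklists: last octet is the verdict.
    return {1: "good", 2: "bad"}.get(rdata[3], "unknown")

def fake_response(query: bytes, last_octet: int) -> bytes:
    """Constructed server reply for the demo: echo question, add one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([127, 0, 0, last_octet])
    return header + query[12:] + rr

if __name__ == "__main__":
    sample = b"constructed sample file contents"  # constructed input
    name = lookup_name(sample)
    query = build_query(name)
    # An ordinary DNS lookup is addressed to the resolver the system is
    # configured with (in the thread, 10.0.0.98 on the VPN), so that is the
    # destination an outbound firewall reports for the process.
    print(name)
    print(parse_verdict(fake_response(query, 2), query))
```
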