Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 66 replies
  • Subscribers 6 subscribers
  • Views 265751 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS X 10.9 "Mavericks" and SAV for Mac

bobcook

Apple released Mac OS X 10.9 "Mavericks" today, free for everyone with Snow Leopard or newer.

We've been testing our product with this release for many months now and had made numerous changes in version 9.0.3 (the version published about a month ago). The significant changes required were to change how we were building, codesigning, and installing our kernel extensions. You will now find two copies of our kext: one in /System/Library/Extensions and another in /Library/Extensions. This follows Apple's recommendation to support people transitioning from 10.8 to 10.9.

The kexts in /System/Library/Extensions are present for compatiblity with versions of Mac OS X prior to 10.9. Starting in "Mavericks" the location is /Library/Extensions. We are codesigning the kexts in /Library/Extensions to conform to Apple's security requirements.

If you have issues, please report them in this thread.

:1013899


This thread was automatically locked due to age.
Parents
  • 0

    Hi Dan,

    The "block access to malicious websites" feature connects to our SXL servers while the browser request is in flight. We hold the response from the remote server until we get an answer (or timeout).

    Can you traceroute and/or ping to http.00.s.sophosxl.net and see where its going?

    We initially will attempt an HTTP connection (via TCP) to this server. This might fail if the route from your machine to the internet is being filtered (authenticating proxy, for example). If blocked, the software will attempt fallback to doing DNS lookups (over UDP). These can be very, very problematic for some upstream DNS servers as they might not like the "rather large" DNS requests we are making (typically near the limit of the specification's allowed size).

    Wireshark is likely your friend to see what might be actually happening on the wire. Look for HTTP transactions and DNS transactions with "sophosxl" in the destination hostname.

    :1014191

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Reply
  • 0

    Hi Dan,

    The "block access to malicious websites" feature connects to our SXL servers while the browser request is in flight. We hold the response from the remote server until we get an answer (or timeout).

    Can you traceroute and/or ping to http.00.s.sophosxl.net and see where its going?

    We initially will attempt an HTTP connection (via TCP) to this server. This might fail if the route from your machine to the internet is being filtered (authenticating proxy, for example). If blocked, the software will attempt fallback to doing DNS lookups (over UDP). These can be very, very problematic for some upstream DNS servers as they might not like the "rather large" DNS requests we are making (typically near the limit of the specification's allowed size).

    Wireshark is likely your friend to see what might be actually happening on the wire. Look for HTTP transactions and DNS transactions with "sophosxl" in the destination hostname.

    :1014191

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?