Mac OS X 10.9 "Mavericks" and SAV for Mac

Apple released Mac OS X 10.9 "Mavericks" today, free for everyone with Snow Leopard or newer.

We've been testing our product with this release for many months now and made numerous changes in version 9.0.3 (the version published about a month ago). The significant changes required were to change how we were building, codesigning, and installing our kernel extensions. You will now find two copies of our kext: one in /System/Library/Extensions and another in /Library/Extensions. This follows Apple's recommendation to support people transitioning from 10.8 to 10.9.

The kexts in /System/Library/Extensions are present for compatibility with versions of Mac OS X prior to 10.9. Starting in "Mavericks" the location is /Library/Extensions. We are codesigning the kexts in /Library/Extensions to conform to Apple's security requirements.

If you have issues, please report them in this thread.



This thread was automatically locked due to age.

  • bobcook wrote:

    Hi Dan,

    The "block access to malicious websites" feature connects to our SXL servers while the browser request is in flight. We hold the response from the remote server until we get an answer (or timeout).

    Can you traceroute and/or ping to http.00.s.sophosxl.net and see where it's going?

    We initially will attempt an HTTP connection (via TCP) to this server. This might fail if the route from your machine to the internet is being filtered (authenticating proxy, for example). If blocked, the software will attempt fallback to doing DNS lookups (over UDP). These can be very, very problematic for some upstream DNS servers as they might not like the "rather large" DNS requests we are making (typically near the limit of the specification's allowed size).

    Wireshark is likely your friend to see what might be actually happening on the wire. Look for HTTP transactions and DNS transactions with "sophosxl" in the destination hostname.


    Just doing a basic traceroute, here is the info: Takes forever to hit the destination. Pinging goes right through. Have a RT-N66U Asus Router with latest firmware. With Wireshark I didn't see anything useful.

    Traceroute has started…

    traceroute to ns.a.aws.sophosxl.net (54.205.37.95), 64 hops max, 72 byte packets
     1  router.asus.com (192.168.1.1)  2.852 ms  1.230 ms  0.642 ms
     2  l100.pitbpa-vfttp-50.verizon-gni.net (96.235.36.1)  5.045 ms  5.327 ms  4.626 ms
     3  g0-1-2-6.pitbpa-lcr-21.verizon-gni.net (130.81.58.64)  7.450 ms  6.396 ms  7.301 ms
     4  xe-15-1-0-0.res-bb-rtr1.verizon-gni.net (130.81.209.38)  10.024 ms  11.355 ms  9.799 ms
     5  0.ae1.br3.iad8.alter.net (152.63.7.81)  14.923 ms  15.937 ms  15.184 ms
     6  dcp-brdr-03.inet.qwest.net (63.235.40.49)  16.580 ms  15.054 ms  14.933 ms
     7  * * *
     8  65.120.78.82 (65.120.78.82)  18.237 ms  17.154 ms  17.424 ms
     9  205.251.245.27 (205.251.245.27)  18.147 ms  16.628 ms  16.979 ms
    10  205.251.245.121 (205.251.245.121)  12.411 ms  14.215 ms  12.365 ms
    11  * * *
    12  * * *
    13  * * *
    14  216.182.224.237 (216.182.224.237)  20.666 ms  16.745 ms  18.076 ms
    15  * * *
    16  * * *
    17  * * *
    18  * * *
    19  * * *
    20  ec2-54-205-37-95.compute-1.amazonaws.com (54.205.37.95)  19.490 ms  16.040 ms  14.781 ms
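
The quoted reply above says the DNS fallback sends query names close to the size the specification allows. As an added example (not from the thread or from Sophos), this Python script measures query names, such as ones copied out of a Wireshark capture, against the RFC 1035 limits of 63 octets per label and 255 octets per name. The long sample name and its layout under `s.sophosxl.net` are constructed for illustration and are not the real lookup format.

```python
"""Measure DNS query names against the RFC 1035 size limits."""
MAX_LABEL = 63      # octets per label
MAX_NAME = 255      # octets for the full name in wire format
HEADER_LEN = 12     # fixed DNS message header
QUESTION_TAIL = 4   # QTYPE + QCLASS

def encode_qname(name):
    """Encode a dotted name as length-prefixed labels, enforcing both limits."""
    wire = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label length {len(raw)} outside 1..{MAX_LABEL}")
        wire.append(len(raw))
        wire += raw
    wire.append(0)  # root label terminates the name
    if len(wire) > MAX_NAME:
        raise ValueError(f"name is {len(wire)} octets, limit is {MAX_NAME}")
    return bytes(wire)

def measure(name):
    """Return size figures for a single-question query for this name."""
    wire = encode_qname(name)
    return {
        "longest_label": max(len(p) for p in name.rstrip(".").split(".")),
        "name_octets": len(wire),
        "query_octets": HEADER_LEN + len(wire) + QUESTION_TAIL,
        "headroom": MAX_NAME - len(wire),
    }

def triage(names, needle="sophosxl", min_headroom=32):
    """Return (name, figures) for matching names within min_headroom of the limit."""
    flagged = []
    for name in names:
        if needle in name.lower():
            m = measure(name)
            if m["headroom"] <= min_headroom:
                flagged.append((name, m))
    return flagged

# Constructed sample input: the data labels in BIG are filler, not real lookups.
BIG = ".".join(["a" * 63, "b" * 63, "c" * 63, "d" * 40, "s.sophosxl.net"])
SAMPLE = ["http.00.s.sophosxl.net", "www.example.com", BIG]

if __name__ == "__main__":
    for name, m in triage(SAMPLE):
        print(f"{m['name_octets']}/{MAX_NAME} octets, "
              f"longest label {m['longest_label']}: {name[:24]}...")
```

Names flagged here are the ones to compare against what the upstream resolver or router actually answered in the capture.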
