Sophos Web Intelligence Bundle and Little Snitch

Just installed SAV on Mountain Lion. Now, for any site I visit I get an alert from LS asking whether to allow or not. Very annoying. Don't think this was happening with SAV in Snow Leopard.

OK, created permanent rules to allow WIB to connect to any server, Port 80/443, Protocol 6 (TCP). End of annoying pop-ups, but is that safe to allow? I suppose it is, since many SAV users don't have LS.

:1016517


This thread was automatically locked due to age.
  • I may have answered my own question above. But I do have a follow-up. I would like to know against what database the Sophos WIB checks the URLs one visits? I hope it isn't Google Safe Browsing. If it is, I've found that to be mostly lame and useless, and the small but noticeable slowdowns involved in site loading as a site gets checked wouldn't be worth it.

    Can someone please tell me what it is?

    :1016521
  • Most products use data published by SophosLabs which is based on a number of sources.  The most significant source of data is the URL queries that come from all of our users - this ensures that our database provides a very high level of coverage, with a very low number of uncategorized sites.

    SophosLabs generates a great deal of information about risky and infected sites.  Other partners provide us with categorization services.

    :1016609

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thanks. Just a FYI, when I'm really in doubt, I check with these. Good to know I'm not wasting any time with Google Safe Browsing.

    https://www.virustotal.com/

    http://sitecheck2.sucuri.net/

    http://quttera.com/

    :1016613
  • Hadn't bothered checking Little Snitch before. Looks like it is using Google Safe Browsing

    Screen Shot 2014-04-02 at 2.33.01 PM.png

    :1016619
  • Hello brvx,

    dunno the architectural details of SWI on Mac OS X - to me this looks like it accesses the URLs either on behalf of or in addition to the browser (you are using Firefox, aren't you)? It should be easy to verify this.

    Christian

    :1016627
  • Yeah, could be right. Since I've started using Sophos on this 10.8.5, I'm no longer seeing Firefox connections in the Little Snitch network monitor. Looks like everything is going through the WIB. I'll temporarily disable that and see if Firefox itself is making that connection to Google SB.

    Yep, that was it. I had forgotten that Firefox makes that connection on startup. And now I can see why I've been getting requests from helpd to connect to images.software.com, which I've now blocked. No idea why it wants to connect to that site, which AFAIK I've never had any business with. But that's another issue. Thanks.

    Screen Shot 2014-04-03 at 8.14.09 AM.png

    :1016633
  • I am not happy with the new features that are using Sophos Web Intelligence Bundle and don't really want this kind of intervention. Can I turn it off and still keep the computer virus protection?

    :1017711

  • Ixax wrote:

    Can I turn it off and still keep the computer virus protection?


    Disabling Web Protection doesn't affect the local disk scanning protection.  From the manual...

    Web Protection can be configured to block access to malicious websites, scan downloads to help protect against malicious content, or both. To configure Web Protection:

    1. Choose Sophos Anti-Virus ➤ Preferences
    2. Select Web Protection
    3. Click General on the Web Protection panel
    4. If some settings are dimmed, click the lock icon and type an administrator name and password
    5. Move the upper toggle switch to On to protect your Mac from sites that Sophos has identified to be hosting malicious content. 
    6. Move the lower toggle switch to On to block malicious downloads before they reach your browser. This will perform an additional check by passing downloads through the content scanning engine.

    To switch it off change the two 'On' values to 'Off'.

    http://www.sophos.com/en-us/medialibrary/PDFs/documentation/savmosx_9c_heng.pdf

    :1017721

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • Hi,

    got the same problem and could solve it according to your posting.

    There is one question left.

    Port 80 and 443 or ports 80 up to 443?

    How did you write the rule for LS to open 2 ports or did you give LS 2 rules one for 80 and one for 443?

    LS accepts only 80 - 443, but not something like 80; 443 or 80 443 for two ports.

    Thanks

    :1017843