
What is causing play.google.com to trigger a policy violation?

We have recently enabled web filtering in Sophos Central. Most of our Windows machines are triggering policy exceptions like below.

'https://play.google.com' blocked due to category 'Downloads'

These are clogging up the event logs so it is extremely difficult to see real problems. What might be causing these exceptions and how do I track down the culprit?

Thanks



This thread was automatically locked due to age.
  • Hi there, I'm still not quite sure I can see a way to diagnose this. What do you mean by an 'aspect'?

    I was thinking that I would need to check the logs on the endpoint to see what piece of software is requesting the URL, rather than do anything on the Central Console.

  • Hi

    It looks like the user(s) are accessing a website (or so) that has a banner/object/ad that wants to access play.google.com which is part of a blocked category. You can check the websites previously visited by one of the users who has this warning, to see if that helps. Once you have the website, you can possibly use Chrome F12 browser tools to see what other objects/sites are being loaded.

  • Hi Dianne, thanks for your suggestion. I got the user to monitor her web usage and check her browser history, but she cannot see a pattern. Here's what she reported back.

    "I can't see anything - all the usual sites that I regularly use. I have also been monitoring the Sophos alerts over the last 40 minutes or so to see if I can spot it happening as I do something or open a website, but it has been constantly showing play.google events over the last hour, and all I have open is:

    Gmail
    Calendar
    Google Form
    Synergist

    And these are tabs that I have open as standard all day. I had a click around and opened various sites but couldn't see a pattern to the event alerts - it's been showing events even when I've done nothing but sit and watch for events!!"

    Could it be Chrome itself that is triggering the block? I have other users to whom this is also happening, but it isn't happening to all Windows users. These are the top violators for the last 30 days.

  • Hi  

    If you are seeing activities from the user's machine come up as she is in any of those pages - see if using the F12 Dev tools helps pinpoint something. You may update Chrome if it has not been updated yet (depending on any updating policy your enterprise has for browsers). If not a browser page object, maybe they have a browser plugin/extension installed that is causing it? Are there any unusual apps installed and running on these machines?
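The F12 check suggested in the replies above, as an added example that is not part of the original thread: a console snippet that lists which requests a tab has made to play.google.com and what kind of page object issued them. The function name, the constant and the sample entries are constructed for illustration, and it assumes the browser records the blocked requests in its resource timing buffer.

```javascript
// Added example: attribute requests for one host to the page mechanism that made them.
// Paste into the DevTools (F12) console of each open tab, or run under Node
// against the constructed sample below.

const BLOCKED_HOST = 'play.google.com'; // host named in the Sophos event

// Summarise resource-timing entries whose URL is on `host`.
// `entries` are PerformanceResourceTiming-like objects: { name, initiatorType, startTime }.
function requestsToHost(entries, host) {
  const byPath = new Map();
  for (const e of entries) {
    let url;
    try { url = new URL(e.name); } catch { continue; } // skip entries that are not URLs
    if (url.hostname !== host) continue;
    const key = `${e.initiatorType} ${url.pathname}`;
    const row = byPath.get(key) ||
      { initiator: e.initiatorType, path: url.pathname, count: 0, times: [] };
    row.count += 1;
    row.times.push(Math.round(e.startTime)); // ms since the tab loaded
    byPath.set(key, row);
  }
  // Most frequent requester first: a repeating beacon or fetch stands out here.
  return [...byPath.values()].sort((a, b) => b.count - a.count);
}

// Constructed sample entries (not captured from a real session).
const SAMPLE = [
  { name: 'https://mail.example.test/inbox.js', initiatorType: 'script', startTime: 120.4 },
  { name: 'https://play.google.com/sample/path', initiatorType: 'beacon', startTime: 30010.2 },
  { name: 'https://play.google.com/sample/path', initiatorType: 'beacon', startTime: 60011.7 },
  { name: 'https://play.google.com/other.png', initiatorType: 'img', startTime: 950.0 },
  { name: 'data:image/png;base64,AAAA', initiatorType: 'img', startTime: 5.0 },
];

// In a browser tab use the page's own entries; elsewhere fall back to the sample.
const inBrowser = typeof window !== 'undefined' && typeof performance !== 'undefined';
const entries = inBrowser ? performance.getEntriesByType('resource') : SAMPLE;
console.table(requestsToHost(entries, BLOCKED_HOST));
```

The resource timing buffer holds a limited number of entries, so on a tab that has been open all day run `performance.clearResourceTimings()`, wait for a new Sophos event, then rerun the snippet. An empty result in every open tab while events keep arriving points away from page content and toward an extension or a process outside the browser tabs.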

  • So we're pretty sure that Chrome updates are causing the messages, but disabling this is proving to be difficult. We patch Chrome using a separate system called Automox, so we can safely disable Chrome's own automatic updates.

    We've tried the renaming of the updates repository trick, and disabled the two services but this hasn't stopped Chrome from phoning home. Does anyone have any other suggestions?

    Thanks.