
Web Control not compatible with XP Pro and IE combination?

Just using the Web Control built in feature in Sophos Endpoint Security and Control software. Using the default settings within the Enterprise console with the exception of adding facebook.com to the "websites to block list".

Policies pushed out to clients successfully.

Try to go to www.facebook.com using IE, Chrome and FF and they are all blocked as I thought they would be.

BUT

If I go to https://www.facebook.com using IE I am able to. Chrome and FF still block the https request.

Anyone else notice this?

Win XP Pro and IE8 (both fully patched)

I was told by support that Win XP and IE when used together do not allow blocks via DNS name... Really? Content Advisor built into IE can do it. Just saying...

Now knowing that this combination together passes the Web Control, it kinda makes Web Control kind of useless in a corporate environment, doesn't it? I mean there are millions of XP & IE combinations in use worldwide in different companies.



  • Hi,

    Web Control for HTTPS relies on the ability to intercept the Server Name Indication (SNI) record from the HTTPS header. Because we don't "crack open" the encrypted stream in this feature we rely on the assistance of the operating system and/or browser for some idea of where the HTTPS traffic is going to.

    You can read more about SNI at Wikipedia: http://en.wikipedia.org/wiki/Server_Name_Indication

    Microsoft has chosen to not support SNI in IE for Windows XP but does for Vista+. As you've discovered from your own experimentation, other vendors do support it. You can use the Application Control policy to restrict what browsers an endpoint is allowed to use.

    :27429