Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 18024 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Security and Control - is Web protection safe to disable?

msavignac

Hi,

I found this in the documentation:

Sophos Web Protection provides enhanced protection against web threats by preventing access to locations that are known to host malware. It blocks endpoints access to such sites by performing a real-time lookup against Sophos's online database of malicious websites.

We had some problems with Sophos Web Protection (swi_ifslsp.dll) that made Google Chrome browser crash when we worked with our in-house MAM (Media Asset Management) web application.

I'd like to know if it's safe to disable this feature on our endpoints from a security perspective.

Note that this feature works well with Firefox, but for a reason we're still trying to figure, it's not the case with Chrome.

:55853


This thread was automatically locked due to age.
Parents
  • 0

    Hello msavignac,

    [is it] safe to disable this feature

    it wouldn't be here if it had no effect. The rationale is that the risk of encountering an unknown threat (i.e. one that isn't detected by the scanner) is significantly higher for "bad" sites. As far as known threats are concerned there is no additional risk and you are safe, naturally your exposure depends on the sites your users (have to) visit. Most of Web Protection's work isn't visible (other than in the logs), an Ad on a reputable site could eventually redirect to a compromised server delivering content which tries to pull "something" from a malware hosting site which will get blocked (whether the potential content is actually malicious or not).

    Christian.  

    :55858
Reply
  • 0

    Hello msavignac,

    [is it] safe to disable this feature

    it wouldn't be here if it had no effect. The rationale is that the risk of encountering an unknown threat (i.e. one that isn't detected by the scanner) is significantly higher for "bad" sites. As far as known threats are concerned there is no additional risk and you are safe, naturally your exposure depends on the sites your users (have to) visit. Most of Web Protection's work isn't visible (other than in the logs), an Ad on a reputable site could eventually redirect to a compromised server delivering content which tries to pull "something" from a malware hosting site which will get blocked (whether the potential content is actually malicious or not).

    Christian.  

    :55858
Children
No Data