
Override in Authorized website setting in Endpoint - client computer?

We have Enterprise Console 10 and a Web appliance.

I have policies set up in the Ent Console and the Web appliance is working well.

I found the Authorization section under 'Configure Anti-virus / HIPS' and was concerned that my end-users would be able to modify these settings and gain access to sites that are 'warned' in the appliance. Not to mention bypassing scans and other things we control from the Ent Console. When I entered a test website from my machine in the Website tab, I then saw my machine in the Ent Console as 'Differs from Policy'.

New to Sophos, so I wanted to see others' take on this.

I know I can control who gains access to the agent on each of the machines on our network by changing the local Sophos groups that are created.

thanks,

Dave

  • Hello Dave,

    Differs from policy means what it says - that the policy in effect does not comply with that in SEC. This could be due to a local modification (policies are not completely locked in for users with "higher" privileges) or some issue (e.g. program infrastructure error or a failed service).  

    allow access to a specific website

    IIRC in the Beta it also applied to Web Control (without a WA) but AFAIK this has been changed (perhaps in response to feedback). Anyway, I assume the WA has the last word (unless the user can bypass it). As said, the authorization applies to Web Protection (i.e. sites blocked because a threat has been detected, not because it belongs to a particular category). Users with sufficient privileges could instead turn off Web Protection (and Web Control alike) unless you also use Tamper Protection. Even with TP the Authorization Manager is still accessible though. The bottom line is that if you don't want your users to make any changes you shouldn't give them more than User rights in the first place.      

    Christian
