Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 33 replies
  • Subscribers 1 subscriber
  • Views 136136 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection in Sophos Endpoint Protection 10

bwyatt

Hello,

I am having a considerable problem.

I just upgraded our Sophos Enterprise Console to v10 and everything went smoothly. I also noticed the Patch Assessment and Web Protection under Policies, so once I changed the SUM to use v10 for the client machines, I went to enable both the Patch Assessment and Web Protection.

Long story short, it didn't work. Eventually I checked the 'Detail' button and the licenses did not appear for Patch Assessment or Web Protection. This confused me: why even present the option to configure patch and web at all if you don't even have the ability to use it?

So I went back and disabled them both, did a 'comply with all group policies' update and moved on.

I then went to check my email (we use Google Apps) and it kept giving me an SSL error. Then my users started complaining of the same thing. Since I essentially troubleshoot things for a living, I turned off the web protection on my local Sophos configuration because it was the last thing I changed - this then allowed me into gmail. There were no error logs for this.

Problem is, it didn't care what options I set on the Enterprise Console. Even though I disabled web protection, is refused to let go of its settings and it remained on despite restarts, updating Sophos again and even deleting the computer from the console, re-adding and re-installing. Nothing worked.

Eventually I just disabled and stopped the Sophos Web Intelligence Service, that worked. That is far from ideal though. I need to be able to manage Sophos from the console as intended. My users cannot change the setting on their local Sophos (despite tamper protection being disabled at the console policy) and I don't want to have to have a disabled service to fix this; for all I know it affects other anti-virus processes!

Sorry for the long windedness but I wanted to try and answer as many questions as possible rigth off the bat.

Any assistance??

:19817


This thread was automatically locked due to age.
  • 0

    I forgot to mention: we operate a Squid proxy (no caching, just logging) that is set at GPO level.

    :19831
  • 0

    We've had the same issues once we upgraded the clients to version 10.  With version 9.x, we don't have a problem with the Web Intelligence Service even with the Web Protection set to off and the download scanning set to As with On Access.

    Once we upgraded the clients to version 10, our end users couldn't access certain sites that used secured login.  The particular pages didn't give an error nor reported they were blocked, they just didn't load.  The end users would sit looking at a blank web page that looked like it was loading for up to 20 minutes.  Once the Web Intelligence Service was stopped, it worked perfectly fine.

    We do have access to the Web Control but it was not enabled.  And nothing changed in the AV / HIPS policy at all (which is the Web Protection).  I was told by Sophos that the Web Intelligence Service hosts the Sophos Web Protection feature in the AV / HIPS policy and not Web Control.  So I wonder what changed in the service that is causing this problem for so many people, even without the Web Control functionality available.

    They asked me to test out changing both the Web Protection and Download Scanning to OFF.  I did and it made no difference.

    :20191
  • 0

    I am having to disable web intelligence service on many PC's this morning as well. We have internal sites that are not loading correctly with it enabled, despite web control being turned off. Turning off web protection and download scanning set to off does not resolve, only disabling the web intelligence service seems to help.

    :20201
  • 0

    EVen though we have the website scanning/downloading turned off on Sophos, it still seems to crash browsers if the content filter is on.  I don't think they have a fix for this yet. I have a case open with them, and they have been getting SDU logs from clients, and the Console server. I noticed that if we turn OFF our iPrism content filter appliance on our network, this issue seems to go away. (I haven't tested for long, but inital tests show this to be true.

    :20233
  • 0

    Hello,

    I have also the same problem with the web protection.

    We upgraded in Sophos Endpoint V10 yesterday , and the problem begin ..

    First, our intranet sites encountered some problems with activex, some are inacessible.

    I notice , the computer need a reboot after the update from 9.7 -> 10, the problems seem to disappear.

    Also, i check in entreprise console the web protection policy , All parameters are disabled .

    The problem persist with the web site, some iexplore crash...

    The solution is to stop the sophos web service.

    The client dont apply the policy from the entreprise console ..

    My solution is to set a GPO to disable the sophos web service.. until sophos will deliver a fix .

    :20267
  • 0

    Hello

    We are currently investigating a number of similar reports of browser crashes related version 10.0. There are a couple of fixes that we have identified that will be included, subject to testing, in version 10.0.1 which is due for release later in January. Hopefully this release will solve the problems you have experienced too.

    Thanks for using Sophos Endpoint and for contributing to the SophosTalk community.

    Regards

    Richard Baldry

    Product Manager - Endpoint Web Filtering

    Sophos

    :20395
  • 0

    As a test, set the Block access to malicious websites and Download scanning to OFF on the Web protection under the Anti-Virus and HIPS Policy that you use

    :20441
  • 0

    Hello Everybody

    Use this scripts to Enable/Disable the Sophos Web Interface service.

    Save the text as .vbs extension and execute manually or from GPO policy.

    -- cut here : DEACTIVATE--

    '

    ' Vbscript para activar Automáticamente e iniciar el servicio SWI de Sophos 

    ' Sophos Endpoint 10

    ' Problema identificado: Crash de navegadores

    ' Tipo de solución: Temporal'

    '
    strComputer = "."

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")
    For Each objService in colServiceList 

      errReturnCode = objService.ChangeStartMode("Automatic")

         Wscript.Sleep 10000 

      objService.StartService()

    Next

    -- cut here : DEACTIVATE--

    -- cut here : ACTIVATE--

    '

    ' Vbscript para activar Automáticamente e iniciar el servicio SWI de Sophos 

    '

    ' Sophos Endpoint 10

    ' Problema identificado: Crash de navegadores

    ' Tipo de solución: Temporal

    '

    '
    strComputer = "."

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colServiceList = objWMIService.ExecQuery ("Select * from Win32_Service where Name = 'swi_service'")
    For Each objService in colServiceList 

    errReturnCode = objService.ChangeStartMode("Automatic")

                 Wscript.Sleep 10000

    objService.StartService()

    Next

    -- cut here : ACTIVATE--

    Regards

    Linck Tello Flores

    INNOVARE E-BUSINESS sac

    www.innovare.pe

    :20443
  • 0

    @RichBaldry: I have not yet deployed Sophos Web Control via the Enterprise Console and will not do so until version 10.0.1 is released. How will we know that the new version has been released?

    Thanks

    Mark

    :20657
  • 0

    We have the same described problems with our internal web applications.

    @Sandy: Can you tell me if the release of the new 10.01 version on the end of January is still up-to-date?

    Best regards,

    Daniel

    :21191