Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 33 replies
  • Subscribers 1 subscriber
  • Views 136149 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection in Sophos Endpoint Protection 10

bwyatt

Hello,

I am having a considerable problem.

I just upgraded our Sophos Enterprise Console to v10 and everything went smoothly. I also noticed the Patch Assessment and Web Protection under Policies, so once I changed the SUM to use v10 for the client machines, I went to enable both the Patch Assessment and Web Protection.

Long story short, it didn't work. Eventually I checked the 'Detail' button and the licenses did not appear for Patch Assessment or Web Protection. This confused me: why even present the option to configure patch and web at all if you don't even have the ability to use it?

So I went back and disabled them both, did a 'comply with all group policies' update and moved on.

I then went to check my email (we use Google Apps) and it kept giving me an SSL error. Then my users started complaining of the same thing. Since I essentially troubleshoot things for a living, I turned off the web protection on my local Sophos configuration because it was the last thing I changed - this then allowed me into gmail. There were no error logs for this.

Problem is, it didn't care what options I set on the Enterprise Console. Even though I disabled web protection, is refused to let go of its settings and it remained on despite restarts, updating Sophos again and even deleting the computer from the console, re-adding and re-installing. Nothing worked.

Eventually I just disabled and stopped the Sophos Web Intelligence Service, that worked. That is far from ideal though. I need to be able to manage Sophos from the console as intended. My users cannot change the setting on their local Sophos (despite tamper protection being disabled at the console policy) and I don't want to have to have a disabled service to fix this; for all I know it affects other anti-virus processes!

Sorry for the long windedness but I wanted to try and answer as many questions as possible rigth off the bat.

Any assistance??

:19817


This thread was automatically locked due to age.
  • 0

    We should have full control over this component, not just whitelisting, so heres hoping for maximum control. I just want to TURN IT OFF from the console.

    :23755
  • 0

    Hi Jkillebrew,


    To unload the LSP and therefore not have the web protection running.

    1. Open the Sophos Enterprise Console

    2. Under policies, Anti-Virus and HIPS, right click on Default and select View/Edit policy

    3. Under Web protection, select Off for both drop boxes (Block access to malicous websites and Download scanning)

    4. Click OK

    5. Repeat steps 2 to 4 for all other Anti-Virus and HIPS policies.

    6. Under Web control, right click Default and select View/Edit policy

    7. Untick Enable web control

    8. Click OK

    9. Repeat steps 6 to 8 for all other Web Control policies 

    10. Reboot the machines that had the Web protection loaded

    If you are having issues please do contact Sophos technical support so that the issue can be logged to correct the fault.

    :23885
  • 0
    Unfortunately, turning Web Protection and Web Control does not resolve the issues that I and others are having. The only solution is to disable the Sophos Web Intelligence Service. I have an open ticket with Sophos Support. All they keep saying is that my issue should be resolved in the next update release. This first started back when I was at 10.0.1. Now I'm at 10.0.3 with the same issue. It would be great if 10.0.4 fixes the problem. I'll believe it when I see it. For those interested, we use Novell iPrint to add printers to local computers via a web interface. This enables end users to be able to install their own printers instead of having to contact IT directly. When the Sophos Web intelligence Service is enabled, the iPrint web page does not install printers and ends up locking up. If we disable WIS, adding printers via iPrint works fine. Instead of having to disable the service within Windows, there needs to be an option in Sophos Enterprise Console to manage WIS. Hopefully, 10.0.4 will have some additional functionality to manage things better.
    :24041
  • 0

    I am looking for a solution too. I have been testing v10, particularly as we have a need to deploy a means to block Facebook to some machines, and this seems ideal.

    I have configured it to block all of the undesirable categories and this works. I also added exceptiond to block 2 domains - twitter.com and facebook.com.

    twitter is working great. However with facebook, facebook.com works if you type it excactly like that, but www.facebook.com will display.

    I tried adding www.facebook.com as another exception. This seemed to work at first, but does occasionally display the page. we do have a Sophos filtering appliance i am waiting to put in, but am concerned this hit and miss approach will still occur.

    We are an educational institute distributed over many sites, and cannot always be on site to monitor if this works

    :24383
  • 0

    Hello ggriffiths,

    I've started a new thread about this issue (Web control - blocking of facebook.com fails).

    Christian

    :24417
  • 0

    Thank you Christian. Sorry, I thought you may want to keep all web issues in one place. My bad

    Gareth

    :24431
  • 0

    I really wished I found this post earlier as it would have saved me some time.  We just finished deploying v10 out to all our workstations and we started getting reports of internet access issues.

    Through troubleshooting we found disabling the web intelligence service fixed it so we sent out a gpo to disable this for us.  I have a support ticket open with Sophos but it seems they still don't know of this issue?

    :26129
  • 0

    We also have a case open with Sophos about this problem. We are on 10.0.5 and are being told the problem will be fixed in 10.0.6.

    Like others we had to completely disable to Web Intelligence Service to stop issues. XP clients seem to be affected but Windows 7 does not seem to have any problems, possibly due to different way it handles LSPs. Weirdly I can't find any other applications that are using LSPs that could be conflicting, nor do we have any of the packages listed on Sophos with known compatibility problems.

    We are using a lot of internal Oracle systems that run on java through IE. Users have reported slow performance and lags between switching screens. From what I've seen once the SWI service is stopped and disabled systems are running normally again.

    I'll update once we have 10.0.0 or find anything else out.

    :26401
  • 0

    Cannot load this web with sophos, it just keep loading.

    http://www.grc.com/x/ne.dll?rh1dkyd2

    :26477
  • 0

    Hi

    It loads ok for me in IE 9, Chrome and FF on Win 7 64-bit.  I have SAV 10.0.5 and "Web Control", "Download Scanning" and "Block access to malicious websites" are all enabled.

    Do you go via a proxy?  It's the only thing I can think off that might be different other than the version.

    Regards,

    Jak

    :26481