Does Live Protection honor Windows Exclusions?

I guess this is a two-part question, but mainly I want to know a little more about the functionality of Live Protection. As the subject line reads: does Live Protection even look at the exclusions you specify in policy, so that we could have a local whitelist that works in conjunction with SophosLabs?

The question comes about because we could potentially be searching for a means to throttle the intensity of Live Protection, due to decreased internet performance EXCLUSIVELY through the proxy.

The second question relates to Live Protection's usage with a proxy server. Are there any config options available to have alternate routing for this service, where we could route outside of the proxy?

We haven't gone cold turkey with the Live Protection policy off just yet, so we don't know anything conclusive as to why we've had bad performance on the internet. What brought attention to Sophos was the number of sophosxl.net requests going through the proxy. The interesting thing to me is that I'm just now wondering IF Live Protection is correlated to this, and that it might be more of a performance issue than an internet bandwidth issue. If you bypass the proxy you can still get to the internet. Is it possible that the proxy is getting overwhelmed by the number of requests made by Live Protection?

  • Hello LoXodonte,

    the functionality of Live Protection

    well, the official naming and meaning are rather clear, but common usage applies this term to all "cloud lookups". The actual Live Protection is outlined in Sophos Live Protection: Overview, which is vague about the implementation; Overview of the Sophos Live Protection architecture in SESC 9.5+ explicitly refers to DNS lookups. In short, the on-access scanner requests (if enabled) an additional Live lookup in response to the result of a static detection (Mal/Generic-S is arguably the best-known example). In yet other words, Live Protection is potentially employed after scanning, which is performed after exclusions have already been applied. It is not "another" scanning strategy.

    What you encounter is likely "Live URL/URI Filtering", part of Web Protection. Guess more or less all the requests go to http.00.s.sophosxl.net. Depending on the browsing activity there can be quite a number of additional requests. AFAIK (the "web") SXL uses the system (IE) proxy setting; this might be one option to reroute the traffic. To verify that it is indeed Web Protection you could (temporarily) turn off Block access to malicious websites.

    Christian
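To check the suggestion above that the bulk of the proxied requests go to http.00.s.sophosxl.net, and to gauge how bursty they are per client and per minute, here is an added Python example (not from this thread or from Sophos) that summarises proxy access-log lines. It assumes Squid's native access.log layout and runs on a constructed sample; feed it the contents of a real log to get the same breakdown.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid native access.log layout (assumption):
# epoch elapsed_ms client status/code bytes method url ident hierarchy type
SAMPLE_LOG = """\
1500000000.101 12 10.0.0.11 TCP_MISS/200 310 GET http://http.00.s.sophosxl.net/a - HIER_DIRECT/1.2.3.4 text/plain
1500000000.250 15 10.0.0.11 TCP_MISS/200 305 GET http://http.00.s.sophosxl.net/b - HIER_DIRECT/1.2.3.4 text/plain
1500000001.010 230 10.0.0.12 TCP_MISS/200 9800 GET http://www.example.com/index.html - HIER_DIRECT/5.6.7.8 text/html
1500000001.400 11 10.0.0.12 TCP_MISS/200 300 GET http://http.00.s.sophosxl.net/c - HIER_DIRECT/1.2.3.4 text/plain
1500000062.000 14 10.0.0.11 TCP_MISS/200 301 GET http://http.00.s.sophosxl.net/d - HIER_DIRECT/1.2.3.4 text/plain
1500000062.500 900 10.0.0.13 TCP_MISS/200 51000 GET http://intranet.example.org/report - HIER_DIRECT/9.9.9.9 text/html
"""

SXL_DOMAIN = "sophosxl.net"

def is_sxl_host(host):
    # Match sophosxl.net itself or any subdomain such as http.00.s.sophosxl.net
    return host == SXL_DOMAIN or host.endswith("." + SXL_DOMAIN)

def parse_line(line):
    """Return (timestamp, client_ip, dest_host) or None for malformed lines."""
    fields = line.split()
    if len(fields) < 7:
        return None
    host = urlsplit(fields[6]).hostname or ""
    return float(fields[0]), fields[2], host

def summarise(log_text):
    """Count SXL lookups overall, per client and per minute to judge proxy load."""
    total = 0
    per_host, per_client, per_minute = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, host = parsed
        total += 1
        per_host[host] += 1
        if is_sxl_host(host):
            per_client[client] += 1
            per_minute[int(ts // 60)] += 1   # one-minute buckets
    sxl = sum(per_client.values())
    return {
        "total": total,
        "sxl_requests": sxl,
        "sxl_share": sxl / total if total else 0.0,
        "top_hosts": per_host.most_common(3),
        "sxl_clients": per_client.most_common(3),
        "sxl_peak_per_minute": max(per_minute.values(), default=0),
    }
```

A high sxl_share with a modest request count points at per-request latency on the proxy rather than bandwidth, which matches the "you can still get to the internet if you bypass the proxy" observation.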