Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 17199 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

swi_service.exe http traffic

jameshink

Hello,

I have just rolled out Sophos across our server farm and have notice that what I believe is the Live Protection service(swi_service.exe) is contacting external ip addresses on port 80 at various times during the day. 

I would like to configure this to use a proxy server if possible but have not been able to work out how?

I have read that there is the utility SavProxy.exe to configure the proxy which I have ran and they appear to be correct. There are no proxy bypasses set and the proxy server name is correctly set to my proxy server. However http traffic is still sent out.

Any help would be very much appreciated!

Thanks

James 

Running: Sophos Endpoint Security and Control V10.3

:51604


This thread was automatically locked due to age.
Parents
  • 0

    Thanks Christian for your response. That's very strange then as the proxy is set in IE and in the SavProxy

    The IP address stated below pointed to the proxy server:

    C:\Program Files\Sophos\Sophos Anti-Virus>SavProxy.exe
    Name : 1X.XX.XX.XX:80
    Bypass:
    Writing SAV proxy settings...
    Settings written.

    The IP Addresses I am getting logged are:

    54.228.9.222

    54.220.18.215

    54.74.27.64

    All seem to be owned by amazonws.com??

    Microsoft Network Monitor definitely captures the swi_service.exe process initiating the connection?

    :51632
Reply
  • 0

    Thanks Christian for your response. That's very strange then as the proxy is set in IE and in the SavProxy

    The IP address stated below pointed to the proxy server:

    C:\Program Files\Sophos\Sophos Anti-Virus>SavProxy.exe
    Name : 1X.XX.XX.XX:80
    Bypass:
    Writing SAV proxy settings...
    Settings written.

    The IP Addresses I am getting logged are:

    54.228.9.222

    54.220.18.215

    54.74.27.64

    All seem to be owned by amazonws.com??

    Microsoft Network Monitor definitely captures the swi_service.exe process initiating the connection?

    :51632
Children
No Data