Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 17200 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

swi_service.exe http traffic

jameshink

Hello,

I have just rolled out Sophos across our server farm and have notice that what I believe is the Live Protection service(swi_service.exe) is contacting external ip addresses on port 80 at various times during the day. 

I would like to configure this to use a proxy server if possible but have not been able to work out how?

I have read that there is the utility SavProxy.exe to configure the proxy which I have ran and they appear to be correct. There are no proxy bypasses set and the proxy server name is correctly set to my proxy server. However http traffic is still sent out.

Any help would be very much appreciated!

Thanks

James 

Running: Sophos Endpoint Security and Control V10.3

:51604


This thread was automatically locked due to age.
Parents
  • 0

    Hello James,

    Sophos contacts its cloud servers directly

    this is not the correct behaviour - it should, in the sense of when working correctly as designed and implemented, use the Internet Options proxy settings. I'm not aware that some application would change the settings for SYSTEM accounts on the fly but who knows - but then you would observe direct connections without Web Protection as well. I'd suggest that you contact Support directly before turning off Web Protection (as said, Live Protection uses HTTP only for submitting samples collected by the AV scanner).

    Christian

    :51680
Reply
  • 0

    Hello James,

    Sophos contacts its cloud servers directly

    this is not the correct behaviour - it should, in the sense of when working correctly as designed and implemented, use the Internet Options proxy settings. I'm not aware that some application would change the settings for SYSTEM accounts on the fly but who knows - but then you would observe direct connections without Web Protection as well. I'd suggest that you contact Support directly before turning off Web Protection (as said, Live Protection uses HTTP only for submitting samples collected by the AV scanner).

    Christian

    :51680
Children
No Data