Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1520 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Blocks Spirent Test Center

mcorsello

I have engineers that use the TestCenter.exe application to automate testing of network switches we design. The software pulls up Firefox and runs through all the clicking and typing they would typically have to do manually. When I install Sophos End User Protection on the machine the scripts no longer work. I've excluded the application the directory and stopped the Sophos AV service all to no affect, but if I uninstall Sophos it works again.

Has anyone seen this behavior? Can anyone offer any advice?

:44629


This thread was automatically locked due to age.
  • 0

    Hello mcorsello,

    that's not much information to work with. Apparently it's not on-access scanning (anyway, you'd get a pop-up or at least an entry in the log SAV.txt when something is blocked).

    the scripts no longer work

    Now, not knowing the Spirent product I have no idea what this no longer work looks like. Is Web Protection or Web Control enabled in your installation? Just asking because a browser is involved. But here as well - if Sophos blocks a request or denies access during normal operation it should log an event. 

    Christian

    :44651
  • 0

    Sorry I submitted the question in the middle of working through a problem. Here is a little more detailed description. We are running End User Data Protection Suite 10.3 I have also tested it using the stand alone client version 10.0.2. The Spirent product is a shell that allows our engineers to automate testing by using scripts (think back to windows screen recording) it captures mouse movements and clicks and keys pressed. Specifically they are launching firefox and logging into an ethernet switches web management interface. Without Sophos installed the script runs fine, once we install Sophos the script bails with an error message that it failed to click the logon button. I disabled behavior monitoring, disabled on-access scanning, disabled web scanning still wouldn't run. I stopped the Sophos Anti-Virus service and the script ran. No errors appeared in the SAV.log file at any point. I excluded the actual executable that was running the Spirent product and re-enabled all the defaults in Sophos and everything worked fine. I thought I had the answer at that point, however the next morning after a reboot of the computer the scripts no longer ran. I went back in and verified all the settings were the same so I'm not sure why it stopped working.

    :44847
  • 0

    Hello mcorsello,

    it doesn't look like a simple question of excluding this or disabling that. Guess you have to work with Support, so please contact them directly.

    Nevertheless allow me a few questions and suggestions in the hope they help to narrow down the problem:

    • Have the scripts been recorded before Sophos was installed on the machine(s)?
    • Do you have more than one (set of) script(s) and are the all failing at a certain point?
    • Are Firefox and the (inter)actions visible?
    • Does stopping the Anti-Virus service reliably enable the scripts to run?
    • Last but not least - did you try the steps in How to troubleshoot LSP interactions with Endpoint Security and Control / Endpoint Protection? Please note that disabling the LSP requires a certain sequence of actions (I know it is tedious but then, troubleshooting is seldom easy)

    Feel free to follow up here (whether before or after contacting Support)

    Christian

    :44855