Web intelligence service breaks Oracle webforms.

Hi,

Is the problem the Sophos Web Intelligence service or the Layered Service Provider (LSP) registered in Winsock?  

And for which plaforms so you see the problem: Windows 7 or 8 for example? Wndows 8 doesn't use a LSP but a WFP callout driver.

Taking Windows 7 (and earlier) as an example:

Their are 2 high level features that use the LSP to intercept web traffic from the browser process, other processes that initialise Winsock will also load the LSP but the traffic is not passed to the web inteligence service:

- Web protection

- Web Control

Web protection has 2 sub-components:

- Download scanning

- Malicious website blocking

If all 3 components are disabled, i.e.:

- Download scanning

- Malicious website blocking

- Web Control

in policy, the LSP is unloaded from Winsock the next time the Sophos Web Intelligence update service is started, typically at next reboot.  It is unloaded as it is no longer required.

I would be interested to know therefore, if you disable all 3 of these features via policy, I assume in SEC and restart a test computer, does the problem also go away? I.e. the Sophos Web Intelligence service is running but it is not being passed work by the LSP.

You can confirm the LSP is no longer loaded in Winsock by running:

netsh winsock show catalog > winsock.txt

If you do this before and after disabling the LSP you can see the difference, i.e. the Sophos LSP being removed.

After unlaoding the LSP It is suggested you restart any process that would have loaded it, such as the browser so that the LSP is not loaded.  This is not an issue if you restart the computer to remove the LSP from Winsock.

Regards,

Jak

Hi,

Is the problem the Sophos Web Intelligence service or the Layered Service Provider (LSP) registered in Winsock?  

And for which plaforms so you see the problem: Windows 7 or 8 for example? Wndows 8 doesn't use a LSP but a WFP callout driver.

Taking Windows 7 (and earlier) as an example:

Their are 2 high level features that use the LSP to intercept web traffic from the browser process, other processes that initialise Winsock will also load the LSP but the traffic is not passed to the web inteligence service:

- Web protection

- Web Control

Web protection has 2 sub-components:

- Download scanning

- Malicious website blocking

If all 3 components are disabled, i.e.:

- Download scanning

- Malicious website blocking

- Web Control

in policy, the LSP is unloaded from Winsock the next time the Sophos Web Intelligence update service is started, typically at next reboot.  It is unloaded as it is no longer required.

I would be interested to know therefore, if you disable all 3 of these features via policy, I assume in SEC and restart a test computer, does the problem also go away? I.e. the Sophos Web Intelligence service is running but it is not being passed work by the LSP.

You can confirm the LSP is no longer loaded in Winsock by running:

netsh winsock show catalog > winsock.txt

If you do this before and after disabling the LSP you can see the difference, i.e. the Sophos LSP being removed.

After unlaoding the LSP It is suggested you restart any process that would have loaded it, such as the browser so that the LSP is not loaded.  This is not an issue if you restart the computer to remove the LSP from Winsock.

Regards,

Jak