
Web intelligence service breaks Oracle webforms.

I'm deploying Sophos and I'm having an issue with the Web intelligence Service breaking our Oracle webforms app on our endpoints. If I stop the service they can launch the forms just fine until the service is enabled again. I disabled the service from starting on the endpoints on which users log into Oracle. 

It's been a week and now the service just re-enabled itself on every single one of our machines, causing productivity to come to a standstill. Has anyone had this issue before, and how can I prevent the Web Intelligence service from re-enabling itself on the endpoints? I've tried disabling on-access and web control but the service still runs, thus breaking our Oracle webforms.

  • I think ultimately you will need to create a support ticket for this one.  The useful information to approach Support with would be:

    Does it affect both Windows 7 and Windows 8 computers? Windows 7 uses an LSP and Windows 8 does not, so the architecture of how web traffic is hooked is very different.

    Also it sounds to me like it works when either:

    The LSP is unloaded from Winsock

    OR

    The Sophos Web Intelligence service is stopped.

    This is significant, as it tells me that the mere presence of the LSP is not the problem and it's only when it's passing the work on to the service that there is an issue.  When the service is stopped the LSP is unable to connect to it and therefore no processing is performed.

    The next step I would suggest is to enable trace logging when reproducing it.  I would suggest disabling 2 of the 3 features that use the LSP to cut down on noise, but ensure the LSP is still loaded (check with netsh). E.g. enable just Download scanning under Web Protection, leave malicious website and web control disabled.

    Close down all browser processes, stop the Sophos Web Intelligence Service, then to enable logging there is also a DWORD registry key called LogLevel you can create under:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Web Intelligence\ 

    If you set this to 3 and then start the Sophos Web Intelligence service and launch the browser, this should log to 3 locations:

    "\Windows\Temp\swisdiag.log"

    "\Windows\swifdiag.log"

    "%temp%\swifdiag.log"

    For this case:

    "\Windows\swisdiag.log"

    "%temp%\swifdiag.log"

    are the main ones, i.e. the logs for the filter (swifdiag.log) and the logs of the service (swisdiag.log).

    Note: Don't forget to rename the key or remove it, restart the service, and close down the processes the LSP is hooked into, otherwise the files will grow and grow.

    These logs should then be sent to Support if nothing is obviously an issue after taking a quick look.

    Regards,

    Jak
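
The trace-logging steps from the reply above, wrapped so that LogLevel is always removed again even if the reproduction is aborted. This is an added example, not a script from the poster or from Sophos; it assumes the service display name is exactly as written in the thread, that it is run elevated in the same user session that reproduces the problem (so `%temp%` matches), and `$OutDir` is a hypothetical collection folder.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$ServiceDisplayName = 'Sophos Web Intelligence Service', # name as given in the thread (assumed exact)
    [string]$OutDir = "$env:USERPROFILE\Desktop\swi-trace"            # hypothetical collection folder
)

# The thread gives the key as SOFTWARE\[Wow6432Node]\Sophos\Web Intelligence:
# prefer the Wow6432Node path (64-bit Windows), fall back to the native one.
$candidates = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\Web Intelligence',
              'HKLM:\SOFTWARE\Sophos\Web Intelligence'
$key = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $key) { throw 'Sophos Web Intelligence registry key not found.' }

# Every log location mentioned in the reply; only the ones that exist are collected.
$logs = "$env:windir\Temp\swisdiag.log", "$env:windir\swisdiag.log",
        "$env:windir\swifdiag.log",      "$env:TEMP\swifdiag.log"

$svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction Stop
$null = Read-Host 'Close all browser processes, then press Enter'

Stop-Service -InputObject $svc -Force
try {
    # LogLevel = 3 (DWORD) enables trace logging, per the reply.
    New-ItemProperty -Path $key -Name LogLevel -PropertyType DWord -Value 3 -Force | Out-Null
    Start-Service -InputObject $svc
    $null = Read-Host 'Launch the browser, reproduce the Oracle Forms failure, close the browser, then press Enter'
}
finally {
    # Cleanup from the reply's note: remove LogLevel and restart the service,
    # otherwise the log files keep growing.
    Stop-Service -InputObject $svc -Force
    Remove-ItemProperty -Path $key -Name LogLevel -ErrorAction SilentlyContinue
    Start-Service -InputObject $svc
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($log in ($logs | Where-Object { Test-Path $_ })) {
    # Prefix with the parent folder name so same-named logs do not overwrite each other.
    $parent = Split-Path (Split-Path $log -Parent) -Leaf
    $dest   = Join-Path $OutDir ('{0}_{1}' -f $parent, (Split-Path $log -Leaf))
    Copy-Item -Path $log -Destination $dest -Force
    Get-Item $dest | Select-Object Name, Length, LastWriteTime
}
```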
