Sophos 9.7.8, Internet Explorer 10, and Sophos Web Content Scanner Add-on - Gmail Attachment Crash

Hello everyone,

We are using Sophos version 9.7.8 VDL4.89G on some Windows 7 computers running Active Directory and Internet Explorer 10. IE 10 will crash on these computers when attempting to attach a file to an e-mail. The "Choose File to Upload" box to attach a file will display, and you can choose an item, but after selecting the item and choosing "Open", the browser will crash.

We have narrowed the issue down to the Sophos Web Content Scanner Add-on. As soon as we disable this particular add-on and restart the browser, the attachment process works fine. Moving to Sophos version 10 fixes this problem, but we are waiting on the upgrade for other compatibility testing reasons.

Here is my question: Can we disable this add-on from the Sophos Enterprise Console, or do we need to use a registry key change or GPO?

Additionally, what ramifications will this have on the security of the PCs? I get that the add-on is probably scanning websites or keeping a list of malicious sites or something, and that disabling it will reduce security to an extent, but is there a more in-depth explanation about what exactly it protects against?

Thanks very much for your help as always!

Sincerely,

Cameron

  • Hi,

    Sounds like the BHO is to blame, which explains why moving to 10.x helps, as the BHO was replaced with an LSP. The BHO scans FTP, HTTP and HTTPS traffic as viewed through IE and Explorer. It essentially buffers and scans up to 2MB of data before allowing it through. The idea of scanning the content before IE renders it is to get there early enough, before IE executes the content. It's not really secure enough to rely on the on-access scanner picking up a malicious file from the browser's cache, as it could have already been run by IE.

    How you disable it depends on what fixes the problem. If it's sufficient to just stop the scanning, then you can disable download scanning in the SAV policy. If you need to actually stop the BHO loading in IE for the problem to go away, then GPO would be the best approach.

    To do so, create a new policy that applies to the computers on which you want to disable the BHO, then under the "Computer Configuration" settings: Administrative Templates -> Windows Components -> Internet Explorer -> Security Features -> Add-on Management, in the "Add-on List" settings you can enable this and enter the GUID of the Sophos BHO:

    {39EA7695-B3F2-4C44-A4BC-297ADA8FD235}

    and set the Value to 0.

    A 0 will disable the BHO for all users on the computers, 1 would enable it for all users, 2 I think would enable the state to be controlled locally in IE.  So 0 should be what you're after.

    Regards,

    Jak

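An added example, not part of the original posts and not Sophos code: a PowerShell audit that reports, per machine, whether the "Add-on List" policy described in the reply above has actually landed and whether the BHO is still registered, so the temporary exception can be tracked and confirmed removed after the upgrade to 10.x. The registry paths are assumptions not stated in the thread (they are the standard locations used by the Add-on List policy and by BHO registration); the CLSID and the meaning of values 0/1/2 are taken from the reply.

```powershell
# Added example: audit the IE "Add-on List" policy state for one add-on CLSID.
# CLSID is the one quoted in the thread; registry paths below are assumptions
# (standard Windows locations), not values given by the posters.
$Clsid = '{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}'

$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID',   # Computer Configuration
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID'    # User Configuration
)
$BhoKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
)

function Get-AddonPolicyState {
    param([string]$KeyPath, [string]$Clsid)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'policy key absent' }

    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    # The value name is the CLSID itself, braces included, so use the indexer.
    if ($null -eq $props -or $null -eq $props.PSObject.Properties[$Clsid]) {
        return 'not listed'
    }

    $value = $props.PSObject.Properties[$Clsid].Value
    switch ("$value") {
        '0'     { 'disabled by policy' }
        '1'     { 'enabled by policy' }
        '2'     { 'state controlled locally in IE' }
        default { "unexpected value '$value'" }
    }
}

# One result object per policy hive, plus whether the BHO is still registered.
$registered = @($BhoKeys | Where-Object { Test-Path -LiteralPath $_ }).Count -gt 0

foreach ($key in $PolicyKeys) {
    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        PolicyKey     = $key
        PolicyState   = Get-AddonPolicyState -KeyPath $key -Clsid $Clsid
        BhoRegistered = $registered
    }
}
```

A machine that reports "disabled by policy" with `BhoRegistered` true is relying on the on-access scanner alone for browser content, which is the reduced coverage the reply describes.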