Tue 12-Jun-2012 10:22
A few of our security guys are asking how the Sophos web protection actually works before implementing it.
I know an LSP is created on the machine's network stack to intercept traffic etc., but I'm wondering how the client actually knows if the site is bad. Is a DB downloaded to the client, or is each web request sent to Sophos via some sort of DNS or other kind of lookup? If it's a DB downloaded, does anyone have any idea on DB size etc.?
Tue 12-Jun-2012 12:21
In short, it does DNS lookups for classifying sites (to block malicious ones).
When download scanning is enabled the content will be scanned "on the fly" (AFAIK the scan will also use live protection if enabled). There's no extra database involved.