How does web protection work?



A few of our security guys are asking how the Sophos web protection actually works before implementing it.


I know an LSP is created on the machine's network stack to intercept traffic etc., but I'm wondering how the client actually knows if the site is bad. Is a DB downloaded to the client, or is each web request sent to Sophos via some sort of DNS or other kind of lookup? If it's a DB downloaded, does anyone have any idea on DB size etc.?


Best Regards


Dave J

Hello Dave,


In short, it does DNS lookups for classifying sites (to block malicious ones).

When download scanning is enabled the content will be scanned "on the fly" (AFAIK the scan will also use live protection if enabled). There's no extra database involved.