Hi Team,
As per the following link, I found that swi_fc.exe is making outbound internet connections to a few public IPs, which makes sense because swi_fc acts as a proxy. This has raised a question: if this were the case, should swi_fc not make all outbound connections on behalf of my other browsers like Mozilla/Chrome, etc.? But if I monitor the traffic, only some traffic goes via swi_fc, whereas the rest goes via the browsers themselves. Please advise how Sophos manages to choose which websites it should route via swi_fc.
community.sophos.com/.../swi_fc-exe-connecting-to-malicious-domain
Hello Kashif,
Thank you for reaching out to the Sophos Community.
The following Recommended Read article explains a bit further how some traffic may not follow the typical checks. Mainly "Excluded" traffic, as well as "Streaming resources".
Sophos Endpoint: How Sophos Web Interception works
I am in the process of inquiring internally to get further details to answer your question. I will update you as more information becomes available.