Hi,
We tried to scan a system with the "Virus Removal Tool" version 2.5.4.
The installation worked well, but after that the tool reported a connection issue and that there is no possibility to update the detection engine and the data... so far so good...
First we took a look at our HTTP proxy and understood that the tool is not able to use a proxy connection, so we searched for a way to configure that... but there is no way!
Next we took a look in the associated config.xml; there is only one possible entry:
cloud4 enabled="yes" url="https://4.sophosxl.net/lookup"
We opened that target on the UTM, but it is still not working.
So we took a closer look and found out that the tool tries to reach some (2-3) other endpoints of a CDN via HTTP!
We opened just one of these endpoints (cdn-87-248-217-254.frf.llnw.net) and the tool took an update... via HTTP!
- the tool is not able to use a proxy connection
- the update worked unencrypted via HTTP
- the update target isn't documented anywhere
- the update target isn't a fixed target in the Sophos domain space, it is a variable endpoint in a CDN
Question: is that what Sophos calls "Using cutting edge technology found in our enterprise-grade software, this powerful tool detects all types of malicious software on your computer (This powerful tool is based on cutting-edge technologies that are also used in our IT security products for enterprise customers)"?
Poor enterprise customers - you have our compassion!
Greetings
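
The endpoint findings listed in the post can be reproduced from firewall logs. The following is an added example, not part of the original post or of any Sophos tooling: it summarises one host's outbound connections and flags plaintext HTTP and destinations outside the expected vendor domains. The log format, the source IP and the suffix list are assumptions; the two hostnames are the ones named in the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a generic key=value format (not real UTM output).
SAMPLE_LOG = """\
2024-01-01T10:00:01 src=10.0.0.23 dst_host=4.sophosxl.net dport=443 action=accept
2024-01-01T10:00:05 src=10.0.0.23 dst_host=cdn-87-248-217-254.frf.llnw.net dport=80 action=drop
2024-01-01T10:00:06 src=10.0.0.23 dst_host=cdn-87-248-217-254.frf.llnw.net dport=80 action=drop
2024-01-01T10:03:40 src=10.0.0.23 dst_host=cdn-87-248-217-254.frf.llnw.net dport=80 action=accept
2024-01-01T10:04:00 src=10.0.0.99 dst_host=example.org dport=443 action=accept
"""

# Assumption: domain suffixes you expect the vendor's tool to contact.
VENDOR_SUFFIXES = (".sophosxl.net", ".sophos.com")

FIELD = re.compile(r"(\w+)=(\S+)")


def summarize(log_text, host_ip):
    """Group one host's outbound connections by (destination, port) and flag them."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip other hosts and lines missing the fields we need.
        if fields.get("src") != host_ip:
            continue
        if not {"dst_host", "dport", "action"} <= fields.keys():
            continue
        key = (fields["dst_host"].lower(), int(fields["dport"]))
        seen[key][fields["action"]] += 1

    report = []
    for (host, port), counts in sorted(seen.items()):
        flags = []
        if port == 80:
            flags.append("plaintext-http")          # update traffic without TLS
        if not host.endswith(VENDOR_SUFFIXES):
            flags.append("outside-vendor-domains")  # e.g. a variable CDN node
        report.append({"host": host, "port": port, "accepted": counts["accept"],
                       "dropped": counts["drop"], "flags": flags})
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, "10.0.0.23"):
        print(row)
```
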