
Failed to update. Please check your internet connection

Hi,

We tried to scan a system with the "Virus Removal Tool" version 2.5.4.

The installation worked well, but after that the tool reported a connection issue and that there's no possibility to update the detection engine and the data... so far so good...

First we took a look at our HTTP proxy and understood that the tool is not able to use a proxy connection, so we searched for a way to configure that... but there is no way!

Next we took a look in the associated config.xml; there is only one possible entry:

cloud4 enabled="yes" url="https://4.sophosxl.net/lookup"

We opened that target on the UTM, but it's still not working.

So we took a closer look and found out that the tool tries to reach some (2-3) other endpoints of a CDN via HTTP!

We opened just one of these endpoints (cdn-87-248-217-254.frf.llnw.net) and the tool took an update... via HTTP!

- the tool is not able to use a proxy connection
- the update worked unencrypted via HTTP
- the update target isn't documented anywhere
- the update target isn't a fixed target in the Sophos domain space, it is a variable endpoint in a CDN

Question: is that what Sophos calls "Using cutting edge technology found in our enterprise-grade software, this powerful tool detects all types of malicious software on your computer (This powerful tool is based on the most modern technologies, which are also used in our IT security products for enterprise customers)"?

Poor enterprise customers -  you have our compassion!

Greetings



This thread was automatically locked due to age.
  • Hi Christian,

    the tool is not able to use a proxy connection

    unless this has changed with the latest versions it uses the system (WinHTTP) proxy.

    We use the latest version, but it's not working... possibly it's not working with user auth?

    the update target (BTW: source is arguably the better term) isn't documented anywhere

    as long as it works (and this is apparently in most cases) it's not necessary; do you know the update sources (or where they are documented) for all your software?

    On a system with restricted access - yes, of course!

    And SOPHOS is a security company, and I expect transparent and well documented processes from a security company - even if a tool is for free!

    the update target [...] is a variable endpoint in a CDN

    and this is uncommon? Come on!

    Yes, it's common for startups and - sadly - for some big players!

    In my point of view this is crap! Some people do this without the background knowledge needed to do their job.

    If you need a CDN... why aren't CNAMEs used in this case?

    the update worked unencrypted via http

    and the problem with this is?

    Is that serious? The problem is that the target, endpoint or, in your words, the "source" is more trustable!
    How can I know who or what is behind an IP address? How can I trust this without a handshake with a valid signed certificate!?

    Thanks anyway for your commiseration :-) - question is, do you need assistance?

    I don't need assistance, as you can read... I helped myself.

  • I can confirm that the tool CAN use an HTTP/HTTPS proxy when the proxy is set in Internet Explorer settings.

    However, the tool is unable to interpret a proxy PAC file.

    You have to set the proxy to IP address and port in IE and then it works.

    So, still room for improvement.
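
The following is an added example, not part of any post in this thread and not Sophos code: a PowerShell check that shows whether the current user's Internet Explorer settings carry a static proxy or only a PAC file, next to the machine-wide WinHTTP proxy mentioned in the earlier reply. It assumes a Windows host and the standard Internet Settings registry values; the messages it prints only restate what the replies above report about the tool.

```powershell
# Added diagnostic (not from the thread): compare the per-user IE/WinINET proxy
# settings with the machine-wide WinHTTP proxy setting.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key

$pacUrl      = $ie.AutoConfigURL        # present when a PAC script is configured
$staticOn    = ($ie.ProxyEnable -eq 1)  # 1 = "Use a proxy server" is ticked
$staticProxy = $ie.ProxyServer          # "host:port" or "http=host:port;https=host:port"

Write-Output "IE static proxy enabled : $staticOn"
Write-Output "IE static proxy server  : $staticProxy"
Write-Output "IE PAC (AutoConfigURL)  : $pacUrl"

if ($staticOn -and $staticProxy) {
    Write-Output 'A static proxy (address and port) is set, the form reported to work in the reply above.'
} elseif ($pacUrl) {
    Write-Warning 'Only a PAC file is configured; per the reply above, the tool cannot interpret it.'
} else {
    Write-Output 'No proxy is configured in the IE settings of this user.'
}

# WinHTTP keeps its own machine-wide setting, independent of the IE dialog.
Write-Output '--- WinHTTP proxy ---'
netsh winhttp show proxy

# To copy a static IE proxy into WinHTTP, run from an elevated prompt:
#   netsh winhttp import proxy source=ie
```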
