EAP Sophos 10.0.2 and iboss cloud connector (content filter / proxy) network/internet stops when both are installed.

    •    What feature is impacted?
    ◦    Network access including internet stop working on the client machine as soon as both our iBoss content filter and sophos AV are both installed and the ""SophosWebNetworkExtension" Would Like to Add Proxy Configurations" is allowed.
    •    What is the severity of the issue?
    ◦    High
    •    Summary of the issues:
    ◦    Web browsing and general network access stops working.
    •    Observed behavior (What it did or didn’t do):
    ◦    I installed Sophos AV and our iboss content filter.  If both are installed simultaneously and the "SophosWebNetworkExtension" allowance is set, then internet and network access stops working.  If I uninstall either product then internet/browser and network access resumes.
    •    How do we reproduce it (Provide instructions to help us reproduce the behavior):  Install sophos AV 10.0.2 EAP and iboss cloud connector both.
    •    Frequency (How often this occurs):
    ◦    It happens every time I install the two at the same time on a Big Sur mac.
    •    Desired behavior:(How is it expected to or should behave):
    ◦  We need to be able to have both apple and these products play well together.
    •    Environment (what hardware/software are you using):
    ◦   Sophos AV EAP version 10.0.2, macOS big sur 11.1 or 11.2beta, iboss cloud connector 5.3.30
    •    Other (Any other detail that we need to know about):
    •    Supporting logs, tool output, etc.

  • Check the workaround presented by Sophos Support for the "Sophos Endpoint and Cisco AnyConnect network extension incompatibility (breaks Safari WebSocket connections and other software)" issue.

  • Hi Richard,

    There is a known incompatibility between two Apple APIs in Big Sur - the NEFilterDataProvider and NETransparentProxyProvide where a product that use one API will interfere with products using the other. Our network extension uses NETransparentProxyProvider.

    We have seen issues with websockets implemented with CFStream or NSStream but not widespread connection issues. Could you please provide an SDU to help us in our analysis. You can upload this as follows:

    • Go into Central, find the affected device, and click on the generate SDU button
    • Once the sdu is uploaded, post the file name here so we can extract it and take a look
      • it's worth noting that the upload may fail if the network issues are severe (if this happens we will have to generate and upload separately and I'll happily help you with those steps)

    As Rene has suggested, the workaround is to disable Sophos' network features - it's far from ideal but will leave file-based protections in place (anti-virus, cryptoguard etc).

    We have informed Apple of the issue, and are eagerly awaiting a fix or a workaround.

  • Thank you, this morning I pulled down the most recent 11.3 beta.  I was successfully able to utilize sophos endpoint 10.0.2 and our iboss content filter at the same time after updating to the 11.3 beta 1.  This gives some light at the end of the tunnel with big sur 11.3.  On their list of bug fixes for 11.3 I found the entry below, which looks similar to the issue that some of us are encountering.

     "(Beta 1) Resolves an issue where Content Filtering rules were not applied properly when using multiple Network Extension filters simultaneously."

  • Unfortunately, in recent tests, using both an intel and an m1 mac with big sur I haven't been able to replicate this success.  I had what appeared to be success on an intel mac using big sur 11.3 beta1.  I couldn't ever replicate success on the m1 with 11.3beta1.  I put 11.3beta2 on both my intel and my m1 neither of them work (on the network) with both sophos and the iboss content filter.  I have sent feedback to apple.  It appears, at least to me, that their API is still broken.