Mozilla Firefox Trouble with Google Gmail web based access

I have a three users who have trouble with Google Gmail based website while using Firefox. I use InterceptX. I am having issues pinning this down.

** Sophos Core Agent 2.20.13, Endpoint Advanced 10.8.11.4, Intercept X 2.0.24 (standard release channel)
** Mozilla Firefox 99.0.1 64 bit (standard release channel)
** Windows OS 10 Pro 64 bit patched to current (standard release channel)

Issue:
01. Google Workspace Gmail stops updating / timeout message (#001) appears.
02. user must close Firefox completely then start again. (if user does not start Gmail quickly enough Gmail will not start. Close Firefox completely and restart is the option.)

Testing:
01. I started with a brand new windows user. I logged onto the existing Google Workspace Gmail. I did screenshots periodically to document the timeline.
02. Gmail timeout issue appeared after about 60 minutes. (prior Sophos Community noted "Trouble with google based websites using Firefox" issue so I worked that aspect. Once my Google Workspace Gmail started timing out, I worked other Google property websites.) I opened a new tap and tried Gmail (did not load). I opened a new tap and did YouTube (it worked normally). I opened another new tab and tired Google search (it worked normally).
03. SpeedTest.net opened and ran without issue and Pocket.com worked without issue.
04. Sophos Endpoint Agent - I signed in as Admin.
05. From Sophos Endpoint Agent Admin screen ... I disabled different aspects / pieces and after each I would force Gmail to retry. I did this working through "off" but one cannot turn aspect / piece "on" after "off". Hence, I could not work through items individually. I got to half the aspects turned off and still "No Joy". (I screwed up and no screenshot of half items.)
06. After half aspects / pieces "off" and not able to re-enable, I just cancelled / off to all aspects / pieces except Deep Learning.
07. retry for Gmail and the traffic resumed working / flowing.
08. Sophos Endpoint Agent aspect(s) is/are the issue because when all but Deep Learning aspect / piece toggled "Off" and gmail resumed updates / working. However, I am unsure which aspect / piece is the issue.
09. Sophos Endpoint Agent - I signed out as Admin to re-set / re-enable all the aspects / pieces.
10. Gmail running in the originally open Mozilla Firefox tab continued working normally with aspects / pieces enabled EXCEPT Application Control and Data Loss Prevention (did not re-enable when I signed out as Admin).
11. Gmail timeout issue appeared after about 60 minutes. (prior Sophos Community noted "Trouble with google based websites using Firefox" issue so I worked that aspect. Once my Google Workspace Gmail started timing out, I worked other Google property websites.) I opened a new tap and tried Gmail (did not load). I opened a new tap and did YouTube (it worked normally). I opened another new tab and tired Google search (it worked normally).
12. After Windows Firewall, Ransomwear Detection, Safe Browsing, Network Threat Protection, Application Control, and Data Loss Prevention aspects / pieces "off" Gmail resumed working / flowing.

(I can share the screenshots if that helps but they are just timeline value.)

Working each setting in Sophos Endpoint Agent then resetting and waiting an hour is not possible during my work day.


Does anyone have any suggestions? For working this Gmail hanging is irritating issue.



added / clarified the Windows 10 Pro OS is 64 bit and Mozilla Firefox is 64 bit versions.
[edited by: Sophos User6096 at 7:12 PM (GMT -7) on 29 Apr 2022]
Parents
  • Have just installed Intercept X.  Now I have same issue.

    Was using on-premises Endpoint before, but changed because pestered by reseller about end-of-life etc. I am a sole end user, not a sysadmin.

    On starting Firefox, all google domains (google.com, google.co.uk, news.google.com etc) are initially accessible. But after about 5 minutes, they all fail.  Links on the previously opened search pages also fail.

    Restarting Firefox restores access. But then it fails again after about 5 minutes.

    No problems in Edge or Chrome.

    Surprised to read above that some users have had the issue for months. Do Sophos just not care?

  • I must say, that it works fine for me and I've been trying to reproduce this.

    FF 99.0.1

    The following Sophos component versions:

    I'm running Windows 11:

    I've tried with and without HTTPS inspection.

    It all just works fine.  If you use open the Firefox Developer tools on the Network tab, can you capture the issue?

  • Typing google.co.uk into the Firefox browser bar, the Network tab shows nil transferred:

    Typing in news.google.com, same result:

    But typing in google.com, it works:


     

    Google.co.uk is the local domain for searches giving greater priority to UK results. Maybe other people are not getting the fault because not using this. But everyone needs to use news.google.com?

  • An hour later (no intervening browser restart):

    google.co.uk into the Firefox browser works
    google.com doesn't work


    I.e. the opposite of the original problem. ??

    News.google.com still not working.


    This seems very occult. But it's also useless. Trouble-free  access to google sites is not an esoteric requirement. 

  • Do you think you could catch it with Debug logging enabled. If you open Endpoint Self Help

    This sets the DWORD named LogLevel to 0 under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Logging\NTP\SophosNetFilter.exe

    it seems from a Process Monitor log.

    In a PS prompt you could tail the log file which should now have debugging enabled. I.e. there will be "D" references in the log file before the messages at this level.

    gc "C:\Programdata\Sophos\Sophos Network Threat Protection\logs\SophosNetFilter.log" -wait -tail 1

    From the broken state, if you "hard" refresh the page, is there any useful error message if Firefox still errors?

    If you still have the browser developer tools open, I suppose you could try checking "Disable cache" option.  Just to be sure any error page is not a cached message in some way although it seems odd to cache an error message.

  • On a minority (maybe 25%) of the failed connections to google sites, I get this (probably uninformative?) error message in the browser window

    I tried doing the Debug Logging thing, but I get "Access Denied" in Powershell (after I figured out what "PS" was)

    I'm not knowledgeable about any of this. I'm a solo end user (one man company), not a sysadmin.

    Looking around this forum, there have been reports of this bug  (under various headings) for several months. 

    Thanks for your suggestions. But I think it's going to take someone with better knowledge than me to fix this. 

  • Can you try to set the following flag in firefox? 

    1. Enter “about:config” in the address bar and continue to the list of preferences.
    2. Set the preference "security.enterprise_roots.enabled" to true.
    3. Restart Firefox.

    __________________________________________________________________________________________________________________

  • If you've been migrated from the SAV based web protection to the new version, which seems to be the case as your list of components doesn't include Sophos Anti-Virus, then you should have the process SophosNetFilter.exe running which is responsible for web protection and control.  This should create the log file: "SophosNetFilter.log".


    With Debug logging on it will grow quite a bit quicker.  I was hoping that for the quick page refresh, tailing the log file with PowerShell then stopping it, once the issue had occurred and then Ctrl-C out of the tail command would given you just the logging needed on screen.

    I suppose you could check the file exists.


  • I set  "security.enterprise_roots.enabled" to true. as suggested above and restarted firefox.

    I do have a process SophosNetFilter.exe in Task Manager.

    But searching C:\Prgramdata\Sophos\Sophos Network Threat Protection  finds no file "SophosNetFilter.log". If I search from higher up the file path, still no good.

    Maybe I don't have the right permissions, I can't view the Programdata\Sophos\Sophos Network Threat Protection folder in file explorer, even as administrator.

  • Try to restart the PC again (Not shutdown and boot, instead reboot). It should import the certificate. 

    __________________________________________________________________________________________________________________

  • Thank you. I seem to have the logging working now. This is the log file for a single click on my Firefox bookmark for google.co.uk (with 0Kb transferred according to Developer Tools):

  • Sorry that print screen didn't get the start of the log - it's longer than my monitor screen - here it is from the start

Reply Children
No Data