Central Intercept-X not blocking phishing website. Wasting my time with support

Hi,

Our clients with Intercept-X managed by Sophos Central can still open links to a phishing site.

I'm trying this with the image file on the site listed below: huuybaddyt7swehjgeq/Drive/images/0.jpg

No warning, no block, no log in Central. Quite useless.

The only thing that warns me is Google Safe Search in Firefox.

Sophos Support is playing man in the middle between me and Sophos labs.

The site reported hxxp://coloso[.]co - is a business site, one of whose hosting directories (hxxp://coloso[.]co/huuybaddyt7swehjgeq) is compromised and was hosting phishing content.

We have blocked this URL hxxp://coloso[.]co/huuybaddyt7swehjgeq which will eventually block all its child URLs, including hxxp://coloso[.]co/huuybaddyt7swehjgeq/Drive/images/0.jpg.

Case 03552330

How can it be that this expensive product is still not protecting us from this known threat?

At least our XG is now finally detecting it as Phish, but our remote workers are unprotected.



[edited by: LHerzog at 2:40 PM (GMT -8) on 21 Jan 2021]
  • Hi,

    I'm sorry you’re frustrated, and I can understand. Website detections are always a bit of a balancing act between protection and being overly aggressive and causing an FP on the hit. Our Labs department works very hard to ensure that our products are as responsive as possible to the ever-evolving threat landscape in the wild. 

    We’re also constantly improving our products themselves. We have plans this year to address the endpoint Web Protection suite to provide an updated user experience and threat-protection system.

    If you want to address your specific concerns - please PM me, and I can discuss them with you.

    RichardP

    Snr. New Product Introduction Engineer | CISSP | Sophos Technical Support