our clients with Intercept-X managed by Sophos Central can still open links to a pishing site.
I'm trying this with the image file on the site listed below: huuybaddyt7swehjgeq/Drive/images/0.jpg
no warning, no block, no log in central. Quite useless.
The only thing thats warns me is google safe search in firefox.
Sophos Support is playing man in the middle between me and Sophos labs.
The site reported hxxp://coloso[.]co - is a business site whose one of the hosting directory (hxxp://coloso[.]co/huuybaddyt7swehjgeq) is compromised and it was hosting phishing content.
We have blocked this URL hxxp://coloso[.]co/huuybaddyt7swehjgeq which will eventually block all it's child URL including hxxp://coloso[.]co/huuybaddyt7swehjgeq/Drive/images/0.jpg will be blocked.
How can it be that this expensive product is still not protecting us from this known threat?
At least our XG is now finally detecting it as Pish but our remote workers are unportected.
The ep blocks it for me as the following.
thanks for your replies. Yes, its frustrating to report an incident and the URL used in the attack were blocked on our side not until two full days later. With a product being updated directly from Sophos Central.
Incident reported 20. Jan 2021 10:54 CET+
today 22. Jan at about 12:00 CET+1 i tested it and now the URL is finally blocked
3 hours before it was still accessible.
an other complaint I have with this case is that just because I mentioned, that Sophos Support can find (only) the malicious URLs attached in the firewall logs, the interceptX support guy decided to move it to the XG team. I'm missing engagement. In every Sophos Support Team.
Anyhow, I asked for closure of the case now.