
Request for improved conflicts from boot-up with specific DLP (data leakage prevention) programs - Privacy-i DLP

Hello, Sophos headquarters.

I am a Korean customer.

There is a very urgent problem, so I leave a message to the community asking for improvement.

We have purchased Sophos now, but we are unable to use the MacOS version of the vaccine, which is over 50 percent.

1. Summary of the problem

In the environment below, there is a conflict from the boot process between programs. Source level exception handling is required in Sophos.

Environment: macOS Catalina, Big Sur
Version of Sophos: 10.0.4

We are using a data leakage prevention solution named Privacy-i with Sophos. According to the manufacturer's investigation of the detailed cause from the boot level, Sophos is interfering with the operation of the program.

The path where the program is installed and executed is as follows.

/usr/local/privacy-i/

Please handle the above path as an exception from the boot level. The global exclusion setting in Central is not applied.

Below is the debug log for cause analysis in the Privacy-i program.

If you need any more information, please reply.

1. Issue: Intermittent PC row phenomenon during MacOS Big Sur version
2. Analysis Contents
- In case of AUTH event (main row occurrence logic part), the debug log was set up and collected, but the row is generated by the exhaustion. No content was generated for the event (only the policy receive log exists after booting, see the attached log below). I checked the normal operation after removing the Sophos Corporation product.
- The Sophos Company Extension module handles AUTH-related events between the Somansa Privacy-i daemon and application loading. It is assumed to be an issue.
- Sophos company's program has exceptional path for Somancy-i daemon, but only with simple path, part of all events is the case. You need to check if the exception is processed further.

<Debug Log>

2021-04-01 12:51:14    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetProcessAccessCheck

2021-04-01 12:51:14    [pid:1579]    [info]    [DLP][SmartCmd_SetProcessAC] ProcessAccessCheck=1, bLog=1

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] ClrMobilePermitList

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_SetCtrlMobile] bMtpLog=1 bMtpBlock=0 bPtpLog=1, bPtpBlock=0

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetControlCamera

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_SetControlCamera] bCameraBlock=0, bLog=1

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetControlRNDIS

2021-04-01 12:51:15    [pid:1579]    [info]    [DLP][SmartCmd_SetControlRNDIS] bBlock=0, bLog=1

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetControlAirDrop

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetControlAirDrop] bBlock=0, bLog=1

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetQuarantinePathExt

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetQtPathExt] QtPath=/Users/Shared/Privacy-i/Quarantine

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetPermitProcessName

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=COM.SOPHOS.ENDPOINT.SCANEXTENSION

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=WINDOWSERVER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=MDWORKER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=ADB

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=GIT

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOURCETREE

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=STUDIO

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=COM.SOPHOS.ENDPOINT.SCANEXTENSION

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=COM.SOPHOS.ENDPOINT.NETWORKEXTENSION

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSERVICEMANAGER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSAUTOUPDATE

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSCONFIGD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSEVENTMONITOR

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSDEVICECONTROLD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSEVENTMONITOR

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSCRYPTOGUARD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSHEALTHD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSCAND

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSWEBINTELLIGENCE

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSAGENT

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSXLD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSCAND

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSMCSAGENTD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSUISERVER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSANTIVIRUS

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSMANAGEMENTAGENT

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSMESSAGEROUTER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSHEARTBEATD

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SYMANTEC ENDPOINT PROTECTION

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=PULSE SECURE

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=ESETS_DAEMON

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=INTERCHECK

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSERVICEMANAGER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=NCLIENT

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=NXHELPER

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=NXSYSQRY

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetPermitFolderName 

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFolderName] Index=0, FolderName=

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFolderName] Index=1, FolderName=,

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetPermitFileExtName

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFileExtName] Index=0, FileExt=

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFileExtName] Index=1, FileExt=

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFileExtName] Index=2, FileExt=

2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFileExtName] Index=3, FileExt=8ŸK|ÿ

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetDrivePolicy

 

...

 

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/usr/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/var/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/private/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/dev/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/.CFUserTextEncoding

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/.DS_Store

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/Info.plist

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/InfoPlist.strings

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/ServicesMenu.strings

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]Upload name-WebKit

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    target name-Safari

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/Applications/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/dev/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/Library/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/private/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/System/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/usr/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/var/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/private/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/dev/

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/.CFUserTextEncoding

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/.DS_Store

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/Info.plist

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/InfoPlist.strings

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/ServicesMenu.strings

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-KakaoTalk

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Safari

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Safari

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Safari

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Google Chrome

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Google Chrome

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Google Chrome

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Google Chrome

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Firefox

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Firefox

2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]add_upload_process-Safari
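
A small parser for the log format shown in the post above, added here as an example and not part of the original post or either vendor's tooling: it lists the process names the DLP agent was told to permit, flags repeated entries, and flags permit-folder or permit-extension values that arrived empty or malformed. The function names are this example's own, and the sample is a handful of lines excerpted from the post's log.

```python
import re
from collections import Counter

# Layout seen in the post's log: timestamp  [pid:N]  [level]  [DLP][Command] payload
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\[pid:\d+\]\s+\[\w+\]\s+"
    r"\[DLP\]\[(?P<cmd>\w+)\]\s*(?P<payload>.*)$"
)
PERMIT_LISTS = ("SmartCmd_SetPermitFolderName", "SmartCmd_SetPermitFileExtName")

def audit_permit_log(text):
    """Summarise permit-list entries found in a Privacy-i style debug log."""
    procs = Counter()
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                      # e.g. the "[DLP]    path-/usr/" lines
            continue
        cmd, payload = m["cmd"], m["payload"]
        if cmd == "SmartCmd_SetPermitProcessName":
            # Names may contain spaces, so take everything after "proc="
            procs[payload.partition("=")[2].strip()] += 1
        elif cmd in PERMIT_LISTS:
            value = payload.rpartition("=")[2].strip()
            if not value:
                findings.append((cmd, "empty"))
            elif not value.isascii() or not any(c.isalnum() for c in value):
                findings.append((cmd, "malformed"))
    return {
        "permitted": sorted(procs),
        "duplicates": sorted(p for p, n in procs.items() if n > 1),
        "findings": findings,
    }

def permitted_matching(report, needle):
    """Permitted process names containing `needle` (case-insensitive)."""
    return [p for p in report["permitted"] if needle.upper() in p.upper()]

# Sample: lines excerpted from the log in the post above
SAMPLE = """\
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_Parser_CM] SetPermitProcessName
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=COM.SOPHOS.ENDPOINT.SCANEXTENSION
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=WINDOWSERVER
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=COM.SOPHOS.ENDPOINT.SCANEXTENSION
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SOPHOSSCAND
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitProcessName] proc=SYMANTEC ENDPOINT PROTECTION
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFolderName] Index=0, FolderName=
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFolderName] Index=1, FolderName=,
2021-04-01 12:51:16    [pid:1579]    [info]    [DLP][SmartCmd_SetPermitFileExtName] Index=3, FileExt=8ŸK|ÿ
2021-04-01 12:51:17    [pid:1579]    [info]    [DLP]    path-/usr/
"""

if __name__ == "__main__":
    print(audit_permit_log(SAMPLE))
```
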


