Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 15 subscribers
  • Views 1680 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X Advanced doesn't block Risky file types

MZ1

Hi,

Does anyone else experience similar issue of Intercept X Advanced endpoint not blocking any type of risky files from websites (when trying download them) despite policy enforcement? 



This thread was automatically locked due to age.
Parents
  • 0

    I made some tests and it looks like those policies only works on HTTP sources but not from HTTPS, which nowadays is a standard, so am I missing something or Sophos doesn't block anything from secure sources? That would be really bad Disappointed

  • 0 in reply to MZ1

    The current version of web protection/control (part of SAV) does not crack open and inspect HTTPS traffic at the endpoint.  It does not have access to the content to see the type when HTTPS is used.  It can block HTTPS domains using the SNI value in the handshake, this is why web control works generally, i.e. domains being classified as category a, etc. Website block/allow lists.

    Apparently the new version of web protection/control that is coming to an EAP soon will do inspection at the endpoint.  At that time it will be able to classify types over HTTPS.

  • 0 in reply to Sophos User930

    Well, this is quite bizarre because as far as I remember most of modern AV can scan full HTTPS content nowadays. It looks like we will have to move away from Sophos and look at some alternatives then.

  • 0 in reply to MZ1

    The XG can do it at the gateway and you have to distribute certs to the endpoints.

    As far as I know, the new endpoint version will be available in a month or two.

    Is it for the "control" aspect?  I.e. you want it primarily to block exe/dll/jar/etc files from being downloaded?

    Sophos makes use of IOfficeAntiVirus to scan and perform reputation checks on files on download from the browsers that support it.  The realtime scanner will detect anything malicious on write before execution. 

Reply
  • 0 in reply to MZ1

    The XG can do it at the gateway and you have to distribute certs to the endpoints.

    As far as I know, the new endpoint version will be available in a month or two.

    Is it for the "control" aspect?  I.e. you want it primarily to block exe/dll/jar/etc files from being downloaded?

    Sophos makes use of IOfficeAntiVirus to scan and perform reputation checks on files on download from the browsers that support it.  The realtime scanner will detect anything malicious on write before execution. 

Children
Unfiltered HTML