Hi,
Does anyone else experience similar issue of Intercept X Advanced endpoint not blocking any type of risky files from websites (when trying download them) despite policy enforcement?
This thread was automatically locked due to age.
The current version of web protection/control (part of SAV) does not crack open and inspect HTTPS traffic at the endpoint. It does not have access to the content to see the type when HTTPS is used. It can block HTTPS domains using the SNI value in the handshake, this is why web control works generally, i.e. domains being classified as category a, etc. Website block/allow lists.
Apparently the new version of web protection/control that is coming to an EAP soon will do inspection at the endpoint. At that time it will be able to classify types over HTTPS.
The XG can do it at the gateway and you have to distribute certs to the endpoints.
As far as I know, the new endpoint version will be available in a month or two.
Is it for the "control" aspect? I.e. you want it primarily to block exe/dll/jar/etc files from being downloaded?
Sophos makes use of IOfficeAntiVirus to scan and perform reputation checks on files on download from the browsers that support it. The realtime scanner will detect anything malicious on write before execution.
If you have standardised on a browser. I suppose there is always the policy of the browser you might be able to use, e.g support.google.com/.../7579271
If you have standardised on a browser. I suppose there is always the policy of the browser you might be able to use, e.g support.google.com/.../7579271