
Sophos Central Creating Issues Connecting to External Servers

Hi All,

We are experiencing an issue with Adobe CC and the product not being able to reach what appears to be Adobe's licensing servers. Please note that I am two weeks old at my company, I have never worked with this product and am going with the best of my understanding of the environment. We believe it is a Sophos issue, as if we completely disable the agent on the endpoint everything works. From an infrastructure perspective I have created exceptions that speak to connectivity to Adobe's servers, but it has not allowed for connection to their servers. Has anyone seen this issue and, if so, can you offer some insight into how we are to go about resolving this?



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    I need a bit more information before I can really assist.

    1. What version of our product are you running?
    2. Do you have web control configured in your Sophos endpoint policy?
    3. Do you have web protection configured in your Sophos endpoint policy?
    4. When you say it fails to reach out - does that mean there is no network traffic?
      1. Do a packet capture and see if the endpoint is reaching out to the server.
  • Hi Richard,

    Thank you for your response. As for your questions, as far as I know we are running whatever version of Sophos Central (cloud based product) that Sophos is currently delivering. I believe we do have web control and web protection configured, as in my global settings I have a website management section where we whitelist and block certain websites. I've not yet done a packet capture, as if I disable the agent on the endpoint everything works as expected. Can you point me in the direction of where I need to go to answer your questions definitively around web control and protection?

    Thank you,

    Shannon

  • Does it help to disable Tamper Protection on the computer and stop the Sophos Network Threat Protection service and driver?

    I might suggest the 2 commands as an admin:

    sc.exe stop sntpservice
    sc.exe stop sntp

  • FormerMember
    0 FormerMember in reply to Shannon Harvey

    The first thing you need to determine is if it is the network protection elements or the scanner. It could be either.

    So, with everything turned on - get a packet capture. Then get another with our stuff turned off. Compare. If there is no traffic out on the first but there is on the second - most likely (but not 100%) it is with web protection - and you can add a bypass for the site.

    To test further, in your threat protection policy (create a test one that you assign only to one machine) turn off web protection. Apply. Does the problem go away? If yes, then it is web protection and put in a bypass.

    If no, then it might be the scanner. In that same policy turn off Real Time protection. Does the problem go away? If yes, then it is the scanner interfering with their PE - you can add an exclusion for it.

    If no, then it might not be Sophos interfering at all - we would need to do more tests.
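
The capture comparison described in the reply above, as an added example that is not part of the original thread: it lists destinations that receive a TCP connection attempt only in the capture taken with protection disabled, which is the "no traffic out on the first but there is on the second" case. It assumes both captures were saved in classic pcap format (not pcapng) with Ethernet/IPv4 framing; the function names and the sample captures, built from documentation-range addresses, are constructed for illustration.

```python
import socket
import struct

def syn_destinations(pcap: bytes) -> set:
    """(dst_ip, dst_port) of every TCP connection attempt (SYN without ACK) in a classic pcap."""
    endian = ">" if pcap[:2] == b"\xa1\xb2" else "<"   # byte order from the magic number
    dests, off = set(), 24                              # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]   # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not Ethernet/IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]       # skip the IPv4 header (IHL words)
        if len(tcp) >= 14 and tcp[13] & 0x12 == 0x02:   # SYN set, ACK clear
            dests.add((socket.inet_ntoa(frame[30:34]), struct.unpack("!H", tcp[2:4])[0]))
    return dests

def only_when_disabled(pcap_on: bytes, pcap_off: bytes) -> list:
    """Destinations contacted with protection off that never appear with it on."""
    return sorted(syn_destinations(pcap_off) - syn_destinations(pcap_on))

# --- constructed sample captures (documentation addresses, not real servers) ---
def _packet(dst_ip: str, dport: int, flags: int = 0x02) -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    frame = eth + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def _pcap(*packets: bytes) -> bytes:
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(packets)

CAPTURE_ON = _pcap(_packet("198.51.100.7", 443))
CAPTURE_OFF = _pcap(_packet("198.51.100.7", 443), _packet("203.0.113.20", 443),
                    _packet("203.0.113.20", 443, flags=0x10))   # ACK-only segment, ignored

if __name__ == "__main__":
    for ip, port in only_when_disabled(CAPTURE_ON, CAPTURE_OFF):
        print(f"{ip}:{port} seen only with protection disabled")
```

With real captures, read each file with `open(path, "rb").read()` and pass the two byte strings to `only_when_disabled`.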
