I have a policy that seems to be working on a user we are trialing this software out with. I have some web filters set and they are blocking sites. But I have set it to not allow exe downloads and other types. This isn't working. HP support site printer downloads come down no problem. It seems simple to configure so am I missing something else or is this not working?
I assume it is fine for HTTP but not for HTTPS. The current shipping version only supports HTTP for this part of the solution.
Given the info here:Important Changes to the Endpoint/Server Protection and EDR Features Early Access Program - Announcements - Endpoint EAP - Sophos Community
maybe the EAP works. I've not tried it yet.
It should work fine for HTTPS. However what I recently found out was, that when the QUIC protocol is used (i.e. with Chrome and a Webserver supporting QUIC), it seems to bypass WebControl.
The current version relies on obtaining the SNI from the handshake to know the domain when the site is served over HTTPS. It can use this to classify sites so blocking malicious sites and classifying sites works. The problem here is with the blocking of file types via HTTPS which isn't something the proxy can "see" as the traffic is not decrypted at the endpoint. It can scan the file as it's written to disk and can be scanned as part of download reputation for the browsers that support that feature
Right, I missed the exe part. You are absolutely correct about, I was only thinking of hostnames, not of other parts of the URL.
Thanks. We use Kaspersky now to do this for a few years now and it works very well with HTTPS. We will hold off for a while and try Sophos again down the road.
Once I see it working I'll try and remember to update this thread. Thanks