Certificate for Sophos Web Protection Warnings?

Question

Hello, 
 I need to reopen the question from an older "comment" by Robert, seen here: ( https://community.sophos.com/intercept-x-endpoint/f/discussions/122473/certificate-for-sophos-web-protection-warnings ) As most of the web is ssl by now, a lot of our users continously raise tickets about ssl errors, as they don't see, that the site is blocked by sophos/design/management request. Expected behaviour: * User must be made aware of that the site is blocked through web control/sophos and not because of some ssl error This for sure can be achived by sticking a CA Certificate in AD or by some kind of popup through the sophos client or something else. It used to work onsite (UTM) with pushing an additional CA cert out to the clients, but we are certainly open for other solutions. Please provide any solutions besides switching the software?

Qoosh · Answer

Hello Sophos ma-edv, 
 Thank you for reaching out to the Sophos Community. Sorry to inform you that with Sophos Endpoint's Web Control components as they are right now, it is not possible to display the "Website Blocked" page for HTTPS sites. 
 With HTTP traffic this is possible as the connection is not secured. Sophos' Web Control components can inject the "Blocked" webpage into the HTTP traffic so that the message is displayed to inform the end-user that the page was blocked. For HTTPS traffic, as the traffic is secured, this is not possible to do. 
 The UTM or XG are able to perform this operation differently. The network appliances do not need to inject the webpage into the traffic, the appliances will instead perform a redirect to their own secured webpage instead of returning the original traffic that was destined for the endpoint. You can picture this as the endpoint connecting to the UTM/XG's webpage displaying a "Block" message. 
 If you would like to see changes made to Sophos AV going forward so that Web Control behaves more similarly to the XG or UTM I recommend submitting your vote on the following feature request. - https://ideas.sophos.com/forums/285723-endpoint-protection/suggestions/18971314-block-page-notice-for-https-content 
 The following article does a great job of explaining the mechanisms at play in terms of how the XG handles this. You'll find that there is much that needs to be present on the network appliance in terms of how it handles these connections in order to present the block message. - https://support.sophos.com/support/s/article/KB-000038420?language=en_US

Certificate for Sophos Web Protection Warnings?

Top Replies