I have just finished migrating clients from Sophos on-premise management to Sophos central; the license we use is Intercept X Advanced.
According to Sophos Central the Web-Control Policy I created is used for our domain-users. However the blocking just does not work.
Users are able to access, in this case adult websites without any hinderance.
There is no logging in Sophos Central about users accessing these websites although according to the policy those sites should be blocked and a log entry be made.
In Sophos Central and in the Sophos Agent on the respective clients everything lights up green.
I am startung to suspect that maybe other policies might be not working either
Where do I begin troubleshooting ?
I'll assume you are on Windows 10.
With the current implementation of web control/protection at the client, which is soon to be replaced in the coming months, the traffic should be redirected from…
Thank you for reaching out to the Sophos Community.
I recommend checking from Sophos Central to see the user that is detected as "Logged in" on the affected device. Ensure that the user as shown is listed in the policy you've defined for Web Control.
Sophos Endpoint will create a User Entry based on the logged-in user, which can sometimes affect how policies get applied.
Another way you can find out is by using the following navigation. - Open the "Devices" list- Select the device in question - Navigate to the "Policies" tab under the device- Verify that the desired "Web Control" policy is shown here
This UI will change based on the resulting policies that are applied to the endpoint.
If you can confirm that the correct policy is being applied, but the endpoint does not block websites as expected, let me know by updating this thread, and I can request logs and or remote assistance to take a closer look.
I verified, that the user to whom the policy is bound is indeed logged on to that PC.
Also, I verified, that the Web-Control policy I created is shown under Devices -> Polciies.
Furthermore, I found, that a scheduled scan I set up on a user defined Threat Protection policy, I bound to a computer group where the client in question is a member of did not take place. However this policy is also shown under Devices -> Policy. Therefore, I assume that this policy is also not active on the client.
Please let me no what furthor information you nedd to pin down this issue.
I have reached out via DM to inquire further into your issue.