
Users losing internet connectivity and often warned 'Sophos IPS Stopped'

Hi all,

Bit of an unusual one, we've been running Sophos Advanced Endpoint with Intercept X on our servers and workstations for a couple of years now, and the policies we believe are well bedded in now with minimal changes if any being made to them.

In the last month or so, I've had multiple cases of users losing internet connectivity through any internet browser. Browsing to all websites fails, yet other network activity continues (Teams, Outlook, OneDrive, network file shares all work fine).

Initially when it first cropped up I thought it an odd bug, I reinstalled endpoint and after a restart the issue would be gone.

I've later found that when it happens, if I disable tamper protection and then disable 'Real time scanning - Internet' it begins to function again and the user can browse.

The problem seems to randomly pop up, so far only with around 3-4 users, but I'm concerned about it becoming more widespread.  Also it returns, so I may get a user through the day using this method, and then it'll be fine for a few days/weeks, before randomly returning again.

Any thoughts on what it may be or where in policy I can look to maybe alter to try and avoid or at least troubleshoot this further?

Finally another thing that may or may not be related, the same users affected by the above sometimes get an alert in the corner from Sophos with a red cross saying 'Sophos IPS Stopped'.  

I don't see any services stopping for them, and this alone doesn't seem to affect the user or the browsing.  One user claims to have noticed it happens when using MS Teams, and doesn't impact whatever he is doing in Teams.

Again, any thoughts on the IPS alerts? Is it related to the browsing issue in some way? I've reinstalled the client on one of my laptops that is a repeat sufferer of this, and they still have the issue after a reinstall.

Thanks!



  • Hi,

    Thank you for reaching us. It seems like there are two different issues going on. Have you tried applying the hotfix on the problematic device and seeing if the browsing issue got resolved? You may refer to this KB article on how to run the hotfix. For the IPS query, can you raise a case to further check why you're getting this notification? Also collect SDU logs on the machine where IPS stops working and share them on the case that you're going to raise.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
