This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Threat Protection: Policies

Hi all,

we're testing Sophis Intercept X Advanced. Unfortunately there seems to be an issue with Sophos and Mozilla Firefox.

But first of all the prerequisites:

  • Windows 10 Pro (21H2 fully patched)
  • Mozilla Firefox ESR (v. 98.0.1; default search engine: Google)
  • Google Chrome (v. 99; default search engine: Google)
  • Intercept X Advanced

My default browser is Firefox. Usually I search by entering keywords in the combined URL/search bar. Since Intercept X is installed after a couple of search requests (or after a couple of minutes; not sure if it's a matter of time or of requests) google.com doesn't load any more, if I search for a keyword. Further, links on google.com don't work any more. Though if I enter a valid URL (including google.com) the website gets loaded as usual. If I restart Firefox everything including search/google works fine again for another couple of minutes. If I deactivate "Schutz vor Netzwerkbedrohungen" (probably "protection against network threats" in English) in the endpoint settings, everything works fine. This and the fact that we didn't have any issues without Intercept X installed make me believe that Sophos is the reason for the above-mentioned behaviour.

That's why I have two questions:

  1. In the policy of Sophos Central there's no setting called "Schutz vor Netzwerkbedrohungen". That's why I think that this option consists of several settings in the Sophos Central policy. Unfortunately I didn't find any information which settings are part of the "Schutz vor Netzwerkbedrohungen". Does anyone know which settings belong to that kind of protection?
  2. Did anyone else face this issue? If so were you able to resolve it?

Please let me know if you need any further information. And please don't start a discussion about our default browser. That's not part of this thread :-)

Best regards

Thilo



This thread was automatically locked due to age.
Parents
  • Hi Thilo,

    Thanks for reaching out to the Sophos Community Forum. 

    To narrow down which scanning feature is causing issues, I'd recommend creating a new policy from Sophos Central to be applied to one test device. In the new policy I recommend turning off "Protect Network Traffic". 

    As these issues have just occurred recently, you may also want to try disabling "SSL/TLS decryption of HTTPS websites". This option can be found under General Settings. HTTPS decryption was only recently added, so I suspect this may be more closely related.

    Please let me know what your findings are.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Dear Kushal,

    thanks for your prompt reply. We already disabled the above-mentioned setting (and I did it right now again). Even if it's disabled and the client received the new policy settings the red marked setting "Schutz vor Netzwerkbedrohung" (protection against network threats) is not turned off. As long as this option is activated we still have the above-mentioned problems regarding Firefox.

    SSL/TLS decryption was/is turned off all the time.

    Best regards

    Thilo

Reply
  • Dear Kushal,

    thanks for your prompt reply. We already disabled the above-mentioned setting (and I did it right now again). Even if it's disabled and the client received the new policy settings the red marked setting "Schutz vor Netzwerkbedrohung" (protection against network threats) is not turned off. As long as this option is activated we still have the above-mentioned problems regarding Firefox.

    SSL/TLS decryption was/is turned off all the time.

    Best regards

    Thilo

Children