This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Threat Protection: Policies

Hi all,

we're testing Sophis Intercept X Advanced. Unfortunately there seems to be an issue with Sophos and Mozilla Firefox.

But first of all the prerequisites:

  • Windows 10 Pro (21H2 fully patched)
  • Mozilla Firefox ESR (v. 98.0.1; default search engine: Google)
  • Google Chrome (v. 99; default search engine: Google)
  • Intercept X Advanced

My default browser is Firefox. Usually I search by entering keywords in the combined URL/search bar. Since Intercept X is installed after a couple of search requests (or after a couple of minutes; not sure if it's a matter of time or of requests) google.com doesn't load any more, if I search for a keyword. Further, links on google.com don't work any more. Though if I enter a valid URL (including google.com) the website gets loaded as usual. If I restart Firefox everything including search/google works fine again for another couple of minutes. If I deactivate "Schutz vor Netzwerkbedrohungen" (probably "protection against network threats" in English) in the endpoint settings, everything works fine. This and the fact that we didn't have any issues without Intercept X installed make me believe that Sophos is the reason for the above-mentioned behaviour.

That's why I have two questions:

  1. In the policy of Sophos Central there's no setting called "Schutz vor Netzwerkbedrohungen". That's why I think that this option consists of several settings in the Sophos Central policy. Unfortunately I didn't find any information which settings are part of the "Schutz vor Netzwerkbedrohungen". Does anyone know which settings belong to that kind of protection?
  2. Did anyone else face this issue? If so were you able to resolve it?

Please let me know if you need any further information. And please don't start a discussion about our default browser. That's not part of this thread :-)

Best regards

Thilo



This thread was automatically locked due to age.
Parents Reply
  • Any update on a fix? This issue seems to be affecting me as well all Google affiliated sites,(e.g.,  mail, chat, meet, youtube) seem to be affected.  FWIW, the https decryption was never enabled and I tried disabling Firefox's DNS over HTTPS (which did nothing).

    Disabling Network Threat Protection (on client) would make the problem go away, but the only effective policy change seemed to be disabling the "Block Access to Malicious Websites"

    One thing I did notice was that there seemed be some interaction between Sophos and uBlock Origin (Firefox plugin). No amount of whitelisting (in uBO) would make the problem go away, but I did find that if I disabled the plugin entirely things would work. 

    I'm not sure whether the OP uses uBO or not.

Children
No Data