Thread Info
  • State Not Answered
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Subscribers 23 subscribers
  • Views 11133 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Network Threat Detection is blocking Cypress automation tool

Adrian Ling

We run Cypress as our web automation tool and as of the past week or two Cypress has been crashing with the error message: Error: read ECONNRESET at TCP.onStreamRead (node:internal/stream_base_commons:211:20)

As I'm not in control of the Sophos Endpoint Agent I was able to get the IT team to give me the tamper password to test disabling the 'Network Threat Protection' once this was done Cypress was able to run the automated tests properly.

(Stack Overflow thread with others reporting issue)

Has something changed recently and is there someway that Sophos can fix this so I don't have to disable the network threat protection? If you need any info or help with this let me know.

Thanks

Adrian



This thread was automatically locked due to age.
  • 0

    Hello,


    It would help if we get some feedback from support.
    The URL to the exclusions list for "Decrypt HTTPS websites using SSL/TLS" did not work.
    Cypress still works over Electron as a workaround, usage over Google Chrome is blocked and it is necessary to have it.


    Thanks.

  • 0

    BUMP!

    Our Developers (who already hate Sophos), are experiencing this issue too. There's more information on the Cypress GitHub: https://github.com/cypress-io/cypress/issues/14175

    I will raise a case with Sophos, as it's clear it's not getting any traction here, and I can't afford to give our developers more ammo against Sophos; which according to them "slows down everyting!".

    We all know that all AV slows down a machine, and I know that Sophos are working in the background to improve scanning etc, but any help from Sophos would be appreciated here.

    Once I get the ticket number I will post it here for others to reference for a "me too"...

    Thanks, 

    John

  • 0 in reply to John Fry

    Sounds good, my developer saw the same GitHub issue and it's what lead me here. Let us know that ticket number when you can.

    Thanks,

  • 0 in reply to John Fry

    This issue is actively being looked into by our development teams. A fix has not yet been found, but I will update you here if I see anything promising in the coming days. 

    There will be an update which begins the release cycle on May 19th (completed on July 5th) that will affect network traffic interception and inspection, which is geared towards addressing some of the issues customers have been experiencing lately. That update will hopefully include some changes to address this issue as well. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Could you please explain your release cycle? Do you mean that we will not see a fix for this until July 5th? We were told by your support person he would be trying to push for a hot fix? Please update. Having my IT admin have to log into my computer every 4 hours isn't exactly a solution I want to have to endure for the next month and a half.

  • 0 in reply to Curtis Jensen

    I'm not able to confirm that the update will fix the issues with Cypress at this time. If that turns out to be the case I will let you know here. If the fix will be pushed out during this release cycle, I recommend opening a support case so that your site can be moved into one of the earlier release groups.

    Others in the forum have mentioned that the "Electron Browser" does not run into this problem. 

    Adrian Ling said:
    I can confirm that the tests run fine if I use the electron browser, so that is one work around.

    Another option would be to turn off the following components from Sophos Central so that the "Sophos Net Filter.exe" is no longer running on your local device. 

    • Web Control (Web control policy)
    • Scan downloads in progress (Threat Protection policy)
    • Block access to malicious websites (Threat Protection policy)
    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Turning off

    • Web Control (Web control policy)
    • Scan downloads in progress (Threat Protection policy)
    • Block access to malicious websites (Threat Protection policy)
      Does not work

      turning off Network threat protection via Sophos admin with tamper password works but isn't a good option .

      Any update on this?
  • 0 in reply to Aaandy

    Do you know if you've followed the same steps as mentioned in the following article? 
    - Advisory: Sophos Central Endpoint - Issues with Cypress automation tool caused by Modern Web

    This issue is still under investigation by our development team. Future updates and progress will be logged in this KBA as well.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Sophos User930

    I tested an early release of 2022.1.1.3, with NTP version 1.16.2621.

    As long as the website exclusion 127.0.0.1 is added, Cypress now works for me without erroring with "ECONNRESET".

    For reference, I set up the threat protection policy which is linked to the device with a website exclusion:

    Such that it ends up in the reg value approved_site_patterns under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\[revision]\web_protection\

    If I remove the exclusion if did fail as before.

    I understand that this version should be being made available soon.

  • 0 in reply to Sophos User930

    how did you get early access? our only solution was to disable network threat protection for few time windows when theyre doing testing

Unfiltered HTML