This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos DLP rule block internal network links

Dear all,

We have following issues with a couple of users - They not able to open a link in Outlook, it doesnt matter if its link to a local or a network file.Most after hours the link opens, somtimes they not able to upload files in the webbrowser, for example when you click choose files and the explorer should open - this happens after minimum 1 hour, till then the browser is freezed.

We able to identifyed that our DLP Rule is the reason for this - if DLP is disabled links work fine - The dlp contain just 2 rules which alert when a specific number of email addresses exported to any file or device.

Anyone had something similar ?

Thanks



This thread was automatically locked due to age.
Parents
  • Hi Supporter0711,

    Thank you for reaching out. Is this only affecting Windows Endpoints? We have released the core agent 2022.1.1.3 which has a fix for the issue you reported. We recommend that you check whether these devices had already received the update.

    The release is scheduled to take place as follows:
    •16th June: All accounts on Core Agent 2022.1.0.78 and customer fix requests
    •21st June: Start date for remaining customers
    •07th July: End date

    Let us know if you require additional information. Thank you.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Gladys -- question -- it appears the core agent version number format you are discussing (year followed by other version numbers) is different than what supporter0711 and I see when we go to the about link in the endpoint agent itself.  Now, Intercept X uses that numbering scheme (and appears to be recently updated) but the Core Agent uses an entirely different numbering scheme.  Is there somewhere else we should be looking to see what the real version of the core agent is, or does this indicate that the rollout was not successful (none of the computers on our central account have a core agent version different than 2.20.13 -- all show successful "last update" statuses.  I'll attach a screenshot.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi ,

    Based on the screenshot that you shared, your device still have not received the latest core version. In this case, we recommend that you open a support ticket so our team can further look into it. You might need to join the devices into the EAP for Endpoints, but there's also a possibility that controlled updating is enabled for your devices which could affect things.

    Kindly open a support case or call our support hotline (support.sophos.com/.../ in order for us to further investigate. Thank you.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi all,

    we are in the same situation. No controller for update is enabled in our sophos management console. Check the screen below for update status:

  • I created a ticket and talked to the support team, it seems there must be a special flag in the sophos backend to enable the update per customer. Waiting for the implementation

  • I believe there is more to this.  We are a Platinum Reseller and MSP -- I've checked several customer central accounts and NONE of them report a core agent version higher than 2.20.13 (one shows 2.20.11) -- and all have successful updates logged in central for all clients.  Our internal use account:  same thing.  NONE of these have controlled updates configured.  Are you absolutely sure that the latest version core agent has been enabled for all Central Accounts?  I recall seeing some posts here talking about issues with certain WiFi adapters, etc. with this latest version core agent... are you sure they just didn't put the release on hold?  I'm certainly not willing to risk a bunch of issues by starting a support case to get this agent forced out... also, if it's this many that aren't enabled, and it's supposed to be pushed out, there must be some other issue in Central.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Core Agent version 2022.1.1.3 has been superseded by version 2022.2.1. This is due to the Wi-Fi issue that was found. If you need version 2022.1.1.3, I suggest raising a support case so that your environment can be moved into the appropriate release group.

    The release dates for version 2022.2.1 are still in the planning stages, though I expect the release to start before the end of July. 

    Apologies for the confusion Bruce.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Ahh so that makes sense -- basically the updates have been postponed etc. due to fixes pending.  Makes much more sense as no customer of mine (thus far) is beyond the versions I reported.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • Ahh so that makes sense -- basically the updates have been postponed etc. due to fixes pending.  Makes much more sense as no customer of mine (thus far) is beyond the versions I reported.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data