Overriding Web Category and Risk with web policy

Hi,

I was testing a website exclusion in Intercept-X and had a hard time finally getting it working.

So I wanted to browse to the Sophos Testsite.

As expected, this was blocked, regardless of whether http or https was used.

So I went to Central Global settings and created an exception for that website and selected a manual Category:

But Intercept-X was still blocking access to the page.

To rule out a specific module, I disabled them one by one.

Obviously it was being blocked by Sophos Network Threat Protection.

The machine has EAP installed and https decryption enabled.

I could immediately browse to that website after disabling Sophos Network Threat Protection.

So I added the second exception for the website in the https decryption section:

Now, if I open that page with https I can only see xml code:

http still shows the block banner.

So I added a third exception in the Threat Policy for the device:

but this did not change anything.

I don't have a clue where else to allow it other than in the three menus I have already been in.



Edited tags
[edited by: Gladys at 6:44 AM (GMT -7) on 25 Jul 2022]
  • Hi LHerzog,

    When accessing the website "https://sophostest.com/hacking/index.html" on a system without Sophos installed, I see that the XML page is also returned. I will inquire internally to see if this is the expected result or if there should be some content displayed on the webpage. 

    When testing the website management category override, I could go to the website successfully without returning a block message. During testing, I am using incognito windows each time so that the previously cached response from the webpage is not presented.

    In some cases, if Sophos Central reports that a website is blocked due to the Hacking category, it will also have a malicious detection when navigating to the site. In these situations, you may also need to create an exclusion in the Threat Protection Policy for the website in question. I don't believe that to be the case with the sophostest hacking site. 

    Let me know if you're also using incognito windows or are clearing the cache when testing.

    Kushal Lakhan
    Global Community Support Engineer