This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Protection - Error while using AusweisApp2

Hello,

We are having issues on our devices with the AusweisApp2 in conjunction with Sophos Endpoint Protection.
The AusweisApp2 is a German application for authenticating oneself on the Internet with one's identity card on government websites.
When the Endpoint Protection is active, we get the error message from the AusweisApp2 as shown in the screenshot below.

However, if we disable the "Web Control" and "Internet" settings on a device, the AusweisApp2 works and we do not get any error message.
We have already set for the application on the list of allowed applications. Unfortunately, this did not help. We also whitelisted the URL for verification with the provider. Also without success.

Unfortunately, my research in the support area as well as in the community area did not find anything about this problem.

Does it make sense to open a support case directly with Sophos?

I thank you in advance for all the answers.
With best regards
Lasse Spiegel

This thread was automatically locked due to age.

Top Replies

Lasse Spiegel over 1 year ago in reply to TerryNeumann +3 verified

Moin Terry, wir haben vom Sophos Support die Lösung bekommen. Unter "Globale Einstellungen -> Globale Ausschlüsse" muss 127.0.0.1 als Website ausgeschlossen werden. Dann funktioniert die Ausweisapp…

Parents

0 Qoosh over 1 year ago

Hi Lasse,

Thanks for reaching out to the Sophos Community Forum.

I suggest adding an exclusion for the website from the page "SSL/TLS decryption of HTTPS websites". You can verify that the exclusion is applied by checking the following registry key.
- HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\######\web_protection

The numbers will correspond to the policy revision that's been received. You may also want to reboot the affected device once the exclusion is applied if this does not work right away. If the issue continues to persist, you may want to raise a case with our support team so this can be looked into.

A similar thread was raised recently where authentication continued to fail.
- https://community.sophos.com/intercept-x-endpoint/f/discussions/136397/ssl-tls-decryption-with-smartcard-or-certificate-based-authentication

If this also occurs to you, I suggest checking the logs at "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\" to see if any additional IP addresses are being reached when you try to connect/authenticate.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Qoosh over 1 year ago

Hi Lasse,

Thanks for reaching out to the Sophos Community Forum.

I suggest adding an exclusion for the website from the page "SSL/TLS decryption of HTTPS websites". You can verify that the exclusion is applied by checking the following registry key.
- HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\######\web_protection

The numbers will correspond to the policy revision that's been received. You may also want to reboot the affected device once the exclusion is applied if this does not work right away. If the issue continues to persist, you may want to raise a case with our support team so this can be looked into.

A similar thread was raised recently where authentication continued to fail.
- https://community.sophos.com/intercept-x-endpoint/f/discussions/136397/ssl-tls-decryption-with-smartcard-or-certificate-based-authentication

If this also occurs to you, I suggest checking the logs at "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\" to see if any additional IP addresses are being reached when you try to connect/authenticate.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Lasse Spiegel over 1 year ago in reply to Qoosh

Hello Kushal,

Thank you for your response.

We aren't currently using the HTTPS decryptioon feature. It's not enabled for any Thread Protection rule.

I could indeed find entries where Sophos checked connections. They returned always page allowed and/or decision:continue.

I'm going to raise a support ticket.

Thank you for your support.

Best regards,

Lasse Spiegel
Cancel
Vote Up +1 Vote Down

Cancel

0 TerryNeumann over 1 year ago in reply to Lasse Spiegel

Hallo Lasse,

hast du eine Lösung vom Support erhalten?

Wir haben das selbe Problem. HTTPS Scann ist bei uns auch nicht aktiv.

Wenn ich im Sophos Client die "Web Control" und "Echtzeit-Scans Internet" ausschalte, dann kann der Client die Verbindung aufbauen und die Daten werden vom Ausweis auf die Webseite übertragen.

In der Logdatei "SophosNetFilter.log" wird die Seite auch erlaubt. Aber es funktioniert nur, wenn "Web Control" und "Echtzeit-Scans Internet" aus sind.

2022-11-03T15:06:37.260Z [18224:17124] I WebControl enabled by policy
2022-11-03T15:06:37.260Z [18224:19200] I SNF has been successfully initialized
022-11-03T15:06:58.680Z [18224: 4324] I [clienthello] connection:0x24a4c8d2b60 sni:www.fuehrungszeugnis.bund.de flowId:26995 decision:nodecrypt
2022-11-03T15:06:58.681Z [18224:17124] I [request] connection: 0x24a4c8d2b60 url:www.fuehrungszeugnis.bund.de flowId:26995 decision:allowed riskLevel:2 universalCategory:18
2022-11-03T15:06:58.681Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de

2022-11-03T15:06:58.685Z [18224: 4324] I [clienthello] connection:0x24a4be80230 sni:www.fuehrungszeugnis.bund.de flowId:26994 decision:nodecrypt
2022-11-03T15:06:58.686Z [18224:17124] I [request] connection: 0x24a4be80230 url:www.fuehrungszeugnis.bund.de flowId:26994 decision:allowed riskLevel:2 universalCategory:18
2022-11-03T15:06:58.686Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de

2022-11-03T15:06:58.847Z [18224:18544] I [webengine] New connection 0x24a4c8d2da0
2022-11-03T15:06:58.848Z [18224:17124] I [check-ip] connection:0x24a4c8d2da0 ip:80.245.152.60 flowId:26998 decision:continue
2022-11-03T15:06:58.849Z [18224:15504] I [clienthello] connection:0x24a4c8d2da0 sni:www.fuehrungszeugnis.bund.de flowId:26998 decision:nodecrypt
2022-11-03T15:06:58.850Z [18224:17124] I [request] connection: 0x24a4c8d2da0 url:www.fuehrungszeugnis.bund.de flowId:26998 decision:allowed riskLevel:2 universalCategory:18
2022-11-03T15:06:58.850Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de

2022-11-03T15:06:59.959Z [18224:18544] I [webengine] New connection 0x24a4c827b30
2022-11-03T15:06:59.960Z [18224:17124] I [check-ip] connection:0x24a4c827b30 ip:127.0.0.1 flowId:26999 decision:continue
2022-11-03T15:06:59.961Z [18224:19060] I [request] connection: 0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed riskLevel: universalCategory:
2022-11-03T15:06:59.989Z [18224:18544] I page allowed: http://127.0.0.1/
2022-11-03T15:06:59.989Z [18224:17124] I [scan] connection:0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed
2022-11-03T15:06:59.990Z [18224:19064] I [webengine] Closing connection 0x24a4c827b30 for 'http://127.0.0.1/': request=515B, response=444B, lifetime=31ms, firstResponse=28ms, businessLogicDelay=0ms, timeInCache=3ms, in=29ms, out=29ms, r.eos=29ms

2022-11-03T15:06:59.990Z [18224:18544] I [webengine] New connection 0x24a4be80b10
2022-11-03T15:06:59.991Z [18224:17124] I [check-ip] connection:0x24a4be80b10 ip:127.0.0.1 flowId:27001 decision:continue
2022-11-03T15:06:59.991Z [18224:17124] I [request] connection: 0x24a4be80b10 url:http://127.0.0.1/eID-Client?Status flowId:27001 decision:allowed riskLevel: universalCategory:
2022-11-03T15:06:59.997Z [18224:18544] I page allowed: http://127.0.0.1/eID-Client?Status
2022-11-03T15:06:59.997Z [18224:17124] I [scan] connection:0x24a4be80b10 url:http://127.0.0.1/eID-Client?Status flowId:27001 decision:allowed
2022-11-03T15:06:59.999Z [18224:19064] I [webengine] Closing connection 0x24a4be80b10 for 'http://127.0.0.1/eID-Client?Status': request=560B, response=444B, lifetime=8ms, firstResponse=5ms, businessLogicDelay=0ms, timeInCache=0ms, in=6ms, out=6ms, r.eos=6ms

2022-11-03T15:07:00.262Z [18224:18544] I [webengine] New connection 0x24a4be80990
2022-11-03T15:07:00.263Z [18224:17124] I [request] connection: 0x24a4be80990 url:http://127.0.0.1/eID-Client?tcTokenURL=https%3A%2F%2Fwww.fuehrungszeugnis.bund.de%2Fffw%2Fgovernikus-autent%2Ftoken%2F_3a75ca81-348d-4da8-bebc-6135c28f88df%3Bjsessionid%3DB9540C8958D1D96F8A9C45D47101111C.nodevlp25252-03 flowId:27003 decision:allowed riskLevel: universalCategory:
2022-11-03T15:07:00.263Z [18224:17124] I [check-ip] connection:0x24a4be80990 ip:127.0.0.1 flowId:27003 decision:continue
2022-11-03T15:07:01.308Z [18224:18544] I page allowed: http://127.0.0.1/eID-Client?tcTokenURL=https%3A%2F%2Fwww.fuehrungszeugnis.bund.de%2Fffw%2Fgovernikus-autent%2Ftoken%2F_3a75ca81-348d-4da8-bebc-6135c28f88df%3Bjsessionid%3DB9540C8958D1D96F8A9C45D47101111C.nodevlp25252-03

+1 Lasse Spiegel over 1 year ago in reply to TerryNeumann

Moin Terry,

wir haben vom Sophos Support die Lösung bekommen.

Unter "Globale Einstellungen -> Globale Ausschlüsse" muss 127.0.0.1 als Website ausgeschlossen werden. Dann funktioniert die Ausweisapp ohne Einschränkungen. Weitere Richtlinien waren bei uns nicht notwendig.
Cancel
Vote Up +3 Vote Down

Cancel
0 TerryNeumann over 1 year ago in reply to Lasse Spiegel

Danke für die Antwort und Lösung.
Es funktioniert jetzt auch bei uns.
Cancel
Vote Up 0 Vote Down

Cancel
0 Gerd Merkel over 1 year ago in reply to Lasse Spiegel

Perfekt .. damit klappt es bei uns auch wieder
Cancel
Vote Up 0 Vote Down

Cancel