We are having issues on our devices with the AusweisApp2 in conjunction with Sophos Endpoint Protection. The AusweisApp2 is a German application for authenticating oneself on the Internet with one's identity card on government websites. When the Endpoint Protection is active, we get the error message from the AusweisApp2 as shown in the screenshot below.
However, if we disable the "Web Control" and "Internet" settings on a device, the AusweisApp2 works and we do not get any error message. We have already put the application on the list of allowed applications. Unfortunately, this did not help. We also whitelisted the URL for verification with the provider, also without success.
Unfortunately, my research in the support area as well as in the community area did not find anything about this problem.
Does it make sense to open a support case directly with Sophos?
I thank you in advance for all the answers.
With best regards
Lasse Spiegel
Thanks for reaching out to the Sophos Community Forum.
I suggest adding an exclusion for the website from the page "SSL/TLS decryption of HTTPS websites". You can verify that the exclusion is applied by checking the following registry key.
- HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\######\web_protection
The numbers will correspond to the policy revision that's been received. You may also want to reboot the affected device once the exclusion is applied if this does not work right away. If the issue continues to persist, you may want to raise a case with our support team so this can be looked into.
A similar thread was raised recently where authentication continued to fail.
- https://community.sophos.com/intercept-x-endpoint/f/discussions/136397/ssl-tls-decryption-with-smartcard-or-certificate-based-authentication
If this also occurs to you, I suggest checking the logs at "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\" to see if any additional IP addresses are being reached when you try to connect/authenticate.
Thank you for your response.
We aren't currently using the HTTPS decryption feature. It's not enabled for any Threat Protection rule.
I could indeed find entries where Sophos checked connections. They always returned page allowed and/or decision:continue.
I'm going to raise a support ticket.
Thank you for your support.