Endpoint Protection - Error while using AusweisApp2

Hello, 

We are having issues on our devices with the AusweisApp2 in conjunction with Sophos Endpoint Protection.
The AusweisApp2 is a German application for authenticating oneself on the Internet with one's identity card on government websites.
When the Endpoint Protection is active, we get the error message from the AusweisApp2 as shown in the screenshot below.


However, if we disable the "Web Control" and "Internet" settings on a device, the AusweisApp2 works and we do not get any error message.
We have already put the application on the list of allowed applications. Unfortunately, this did not help. We also whitelisted the URL for verification with the provider, also without success.

Unfortunately, my research in the support area as well as in the community area did not find anything about this problem.

Does it make sense to open a support case directly with Sophos?

I thank you in advance for all the answers.
With best regards
Lasse Spiegel



  • Hi Lasse,

    Thanks for reaching out to the Sophos Community Forum. 

    I suggest adding an exclusion for the website from the page "SSL/TLS decryption of HTTPS websites". You can verify that the exclusion is applied by checking the following registry key.
    - HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\######\web_protection

    The numbers will correspond to the policy revision that's been received. You may also want to reboot the affected device once the exclusion is applied if this does not work right away. If the issue continues to persist, you may want to raise a case with our support team so this can be looked into. 

    A similar thread was raised recently where authentication continued to fail.
    -  https://community.sophos.com/intercept-x-endpoint/f/discussions/136397/ssl-tls-decryption-with-smartcard-or-certificate-based-authentication

    If this also occurs to you, I suggest checking the logs at "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\" to see if any additional IP addresses are being reached when you try to connect/authenticate.

    Kushal Lakhan
    Global Community Support Engineer
  • Hello Kushal, 

    Thank you for your response.

    We aren't currently using the HTTPS decryption feature. It's not enabled for any Threat Protection rule.

    I could indeed find entries where Sophos checked connections. They always returned page allowed and/or decision:continue.

    I'm going to raise a support ticket.

    Thank you for your support.

    Best regards, 

    Lasse Spiegel

  • Hello Lasse,

    did you get a solution from support?

    We have the same problem. HTTPS scanning is not active for us either.

    When I switch off "Web Control" and "Echtzeit-Scans Internet" (real-time scanning for Internet) in the Sophos client, the client can establish the connection and the data is transferred from the ID card to the website.

    In the log file "SophosNetFilter.log" the page is also allowed. But it only works when "Web Control" and "Echtzeit-Scans Internet" are off.

    2022-11-03T15:06:37.260Z [18224:17124] I WebControl enabled by policy
    2022-11-03T15:06:37.260Z [18224:19200] I SNF has been successfully initialized
    2022-11-03T15:06:58.680Z [18224: 4324] I [clienthello] connection:0x24a4c8d2b60 sni:www.fuehrungszeugnis.bund.de flowId:26995 decision:nodecrypt
    2022-11-03T15:06:58.681Z [18224:17124] I [request] connection: 0x24a4c8d2b60 url:www.fuehrungszeugnis.bund.de flowId:26995 decision:allowed riskLevel:2 universalCategory:18
    2022-11-03T15:06:58.681Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de
    
    2022-11-03T15:06:58.685Z [18224: 4324] I [clienthello] connection:0x24a4be80230 sni:www.fuehrungszeugnis.bund.de flowId:26994 decision:nodecrypt
    2022-11-03T15:06:58.686Z [18224:17124] I [request] connection: 0x24a4be80230 url:www.fuehrungszeugnis.bund.de flowId:26994 decision:allowed riskLevel:2 universalCategory:18
    2022-11-03T15:06:58.686Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de
    
    2022-11-03T15:06:58.847Z [18224:18544] I [webengine] New connection 0x24a4c8d2da0
    2022-11-03T15:06:58.848Z [18224:17124] I [check-ip] connection:0x24a4c8d2da0 ip:80.245.152.60 flowId:26998 decision:continue
    2022-11-03T15:06:58.849Z [18224:15504] I [clienthello] connection:0x24a4c8d2da0 sni:www.fuehrungszeugnis.bund.de flowId:26998 decision:nodecrypt
    2022-11-03T15:06:58.850Z [18224:17124] I [request] connection: 0x24a4c8d2da0 url:www.fuehrungszeugnis.bund.de flowId:26998 decision:allowed riskLevel:2 universalCategory:18
    2022-11-03T15:06:58.850Z [18224:17124] I page allowed: www.fuehrungszeugnis.bund.de
    
    2022-11-03T15:06:59.959Z [18224:18544] I [webengine] New connection 0x24a4c827b30
    2022-11-03T15:06:59.960Z [18224:17124] I [check-ip] connection:0x24a4c827b30 ip:127.0.0.1 flowId:26999 decision:continue
    2022-11-03T15:06:59.961Z [18224:19060] I [request] connection: 0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed riskLevel: universalCategory:
    2022-11-03T15:06:59.989Z [18224:18544] I page allowed: http://127.0.0.1/
    2022-11-03T15:06:59.989Z [18224:17124] I [scan] connection:0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed
    2022-11-03T15:06:59.990Z [18224:19064] I [webengine] Closing connection 0x24a4c827b30 for 'http://127.0.0.1/': request=515B, response=444B, lifetime=31ms, firstResponse=28ms, businessLogicDelay=0ms, timeInCache=3ms, in=29ms, out=29ms, r.eos=29ms
    
    2022-11-03T15:06:59.990Z [18224:18544] I [webengine] New connection 0x24a4be80b10
    2022-11-03T15:06:59.991Z [18224:17124] I [check-ip] connection:0x24a4be80b10 ip:127.0.0.1 flowId:27001 decision:continue
    2022-11-03T15:06:59.991Z [18224:17124] I [request] connection: 0x24a4be80b10 url:http://127.0.0.1/eID-Client?Status flowId:27001 decision:allowed riskLevel: universalCategory:
    2022-11-03T15:06:59.997Z [18224:18544] I page allowed: http://127.0.0.1/eID-Client?Status
    2022-11-03T15:06:59.997Z [18224:17124] I [scan] connection:0x24a4be80b10 url:http://127.0.0.1/eID-Client?Status flowId:27001 decision:allowed
    2022-11-03T15:06:59.999Z [18224:19064] I [webengine] Closing connection 0x24a4be80b10 for 'http://127.0.0.1/eID-Client?Status': request=560B, response=444B, lifetime=8ms, firstResponse=5ms, businessLogicDelay=0ms, timeInCache=0ms, in=6ms, out=6ms, r.eos=6ms
    
    2022-11-03T15:07:00.262Z [18224:18544] I [webengine] New connection 0x24a4be80990
    2022-11-03T15:07:00.263Z [18224:17124] I [request] connection: 0x24a4be80990 url:http://127.0.0.1/eID-Client?tcTokenURL=https%3A%2F%2Fwww.fuehrungszeugnis.bund.de%2Fffw%2Fgovernikus-autent%2Ftoken%2F_3a75ca81-348d-4da8-bebc-6135c28f88df%3Bjsessionid%3DB9540C8958D1D96F8A9C45D47101111C.nodevlp25252-03 flowId:27003 decision:allowed riskLevel: universalCategory:
    2022-11-03T15:07:00.263Z [18224:17124] I [check-ip] connection:0x24a4be80990 ip:127.0.0.1 flowId:27003 decision:continue
    2022-11-03T15:07:01.308Z [18224:18544] I page allowed: http://127.0.0.1/eID-Client?tcTokenURL=https%3A%2F%2Fwww.fuehrungszeugnis.bund.de%2Fffw%2Fgovernikus-autent%2Ftoken%2F_3a75ca81-348d-4da8-bebc-6135c28f88df%3Bjsessionid%3DB9540C8958D1D96F8A9C45D47101111C.nodevlp25252-03

  • Hi Terry,

    we received the solution from Sophos Support.

    Under "Global Settings -> Global Exclusions", 127.0.0.1 must be excluded as a website. After that, the AusweisApp works without restrictions. No further policies were necessary for us.

  • Thanks for the answer and the solution.
    It now works for us as well.
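
Added example, not part of any post in this thread and not Sophos code: every entry in the quoted SophosNetFilter.log reads "allowed", so the useful signal is which loopback destinations pass through the web filter at all. This sketch lists those flows from log text in the quoted format; the function names and the sample's tcTokenURL value are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample modelled on the SophosNetFilter.log lines quoted in the thread;
# the tcTokenURL value in the last line is a constructed placeholder.
SAMPLE_LOG = """\
2022-11-03T15:06:58.848Z [18224:17124] I [check-ip] connection:0x24a4c8d2da0 ip:80.245.152.60 flowId:26998 decision:continue
2022-11-03T15:06:58.849Z [18224:15504] I [clienthello] connection:0x24a4c8d2da0 sni:www.fuehrungszeugnis.bund.de flowId:26998 decision:nodecrypt
2022-11-03T15:06:59.960Z [18224:17124] I [check-ip] connection:0x24a4c827b30 ip:127.0.0.1 flowId:26999 decision:continue
2022-11-03T15:06:59.961Z [18224:19060] I [request] connection: 0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed riskLevel: universalCategory:
2022-11-03T15:06:59.989Z [18224:17124] I [scan] connection:0x24a4c827b30 url:http://127.0.0.1/ flowId:26999 decision:allowed
2022-11-03T15:06:59.990Z [18224:19064] I [webengine] Closing connection 0x24a4c827b30 for 'http://127.0.0.1/': request=515B, response=444B
2022-11-03T15:06:59.991Z [18224:17124] I [request] connection: 0x24a4be80b10 url:http://127.0.0.1/eID-Client?Status flowId:27001 decision:allowed riskLevel: universalCategory:
2022-11-03T15:07:00.263Z [18224:17124] I [request] connection: 0x24a4be80990 url:http://127.0.0.1/eID-Client?tcTokenURL=https%3A%2F%2Fexample.invalid%2Ftoken flowId:27003 decision:allowed riskLevel: universalCategory:
"""

EVENT = re.compile(r"\] I \[([\w-]+)\] ")      # [check-ip], [request], [scan], ...
FLOW = re.compile(r"\bflowId:(\d+)")
TARGET = re.compile(r"\b(ip|sni|url):(\S+)")   # destination field of the event


def is_loopback(host):
    """True for loopback IP literals and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def loopback_flows(log_text):
    """Return {flowId: {"events": [...], "paths": {...}}} for loopback destinations."""
    flows = defaultdict(lambda: {"events": [], "paths": set()})
    for line in log_text.splitlines():
        event, flow, target = EVENT.search(line), FLOW.search(line), TARGET.search(line)
        if not (event and flow and target):
            continue  # "page allowed" and connection open/close lines carry no flowId
        kind, value = target.groups()
        # url: values appear both with and without a scheme in the quoted log.
        parts = urlsplit(value if "://" in value else "//" + value)
        if not is_loopback(parts.hostname or ""):
            continue
        entry = flows[flow.group(1)]
        entry["events"].append(event.group(1))
        if kind == "url":
            # Keep only the path: the query string can carry a tcTokenURL and session id.
            entry["paths"].add(parts.path)
    return dict(flows)


if __name__ == "__main__":
    for flow_id, info in loopback_flows(SAMPLE_LOG).items():
        print(flow_id, info["events"], sorted(info["paths"]))
```
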
