This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MacOS: Sophos network filters

Hi,

When going to System settings / network / filters I see 2 types of filters:

My 2 questions:

1. I am not able to activate the upper ''content filter'' manually or in Sophos Cloud. It's even not being activated when blocking all website categories via ''web filtering''. What is the purpose of this ''content'' filter? How do I activate it?
2. What is the lower ''transparent proxy'' being used for? Does this mean that all my internet traffic is being routed to a Sophos (external) proxy outside my home network? 

The information on https://support.home.sophos.com/hc/en-us/articles/360055654151-SophosWebNetworkExtension-Would-Like-to-Add-Proxy-Configurations doesn't answer these questions. 



This thread was automatically locked due to age.
Parents Reply
  • Hi Quoosh,

    Thank you for your assistance. I appreciate your help.

    It is about Sophos Home. I know that Home users only can apply for support in case they have a premium subscription.

    However, I do not ask for ''support'', I'm just looking for documentation about both filters / proxy's.

    Can you provide any documentation? Unfortunately the information provided doesn't help me further.

    Thank you in advance.

    Have a nice weekend.

Children
  • I suspect there may have been a previous installation on the device at one point, as there should only be one network filter listed. 

    I suggest running the following command to see if additional entries are listed as well. 
    - systemextensionsctl list

    You can also find steps on how to remove additional system extensions in the following article in the section "How to remove system extensions".
    support.home.sophos.com/.../115005499786-Uninstalling-Sophos-Home-on-Mac-computers

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Kushal,

    Thank you for your support. I appreciate!

    I did install Sophos Home on a clean installation (MacOS Ventura 13.0.1). I executed the commandline, here's the result:

    --- com.apple.system_extension.network_extension

    enabled active teamID bundleID (version) name [state]

    * * 2H5GFH3774 com.sophos.endpoint.networkextension (10.4.1/4)networkextension [activated enabled]

    --- com.apple.system_extension.endpoint_security

    enabled active teamID bundleID (version) name [state]

    * * 2H5GFH3774 com.sophos.endpoint.scanextension (10.4.0/12) com.sophos.endpoint.scanextension [activated enabled]

    I expect the com.sophos.endpoint.scanextension is for on-access file scanning.

    It seems com.sophos.endpoint.networkextension adds both networkfilters:

    In this article, drop down menu 'Other known issues' there is referred to both network filters (transparent and content):
    https://support.home.sophos.com/hc/en-us/articles/10147323491732

    1. Based on this information, I expect that the ''Content filter'' is used for ''Web filtering'' functionality. Now the confusing part is that it is displayed as ''Disabled'', even if I activate web categories to block access to via Sophos Cloud UI. I expect that after activating ''Web filtering'', the status for the "Content filter'' jumps to ''Enabled'', but it doesn't. Summarized, this seems to be a cosmetic bug? How can I report this bug?

    2. The remaining question is about the ''transparent filter'': where is this filter used for, and how does it affect my network activity? I wasn't able to find any information about this.

    Have a great day. Thank you in advance.

  • The transparent filter is used for intercepting web traffic so any web control policies can be applied, for instance, if you have blocked inappropriate categories, this allows that information to be shared with Sophos' scanning components so a block can be applied.

    The scanextension as you mentioned, is for on-access file scanning.

    If you do wish to report a bug, I'd suggest opening a case with the Sophos Home team, as they would be better suited to assist in this situation. 

    I'm in the process of updating my mac system right now so I can test more accurately. I will follow up with you here with any additional information I'm able to find.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks again Kushal! 

    Crystal clear. However, based on your information, my assumption that the ''content filter'' / proxy in my screenshot is being used for web filtering, is wrong, right?

  • I did some searching to find more information on this. The Transparent Proxy is intended to mirror web traffic for scanning and filtering.
    The Content Filter is intended for non-web network traffic that's generated from the network card on the device. 

    Both will need to be enabled for your device to be fully protected. Do let me know if this answers your question or if you have any other concerns.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids