This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anyone else seeing Web Filtering Issues on MacOS Ventura and Endpoint 10.4.7?

So we haven't dealr with Macs much in the past... however due to some recent developments, we've had to start dealing with them. I've deployed MDR / Intercept X endpoint to two brand new, out of the box MacOS devices (one a macbook, one a mac mini) and on both I see issues with Sophos Endpoint not performing basic web filtering correctly. One of the devices is running Ventura 13.0, the other 13.3.1 . The deal is, in Safari and Chrome, web filtering works correctly (testing with sophostest.com) as long as the URL is not https:// --- enable TLS/SSL for the test URL and it fails to filter anything at all.

Started a support case on it, no progress so far (asked me to enabled / disable TLS decryption in the policy, etc.). Just seems to be broken. Endpoint reports everything is fine (extensions, etc. all enabled, the filters are present in the network config and enabled, etc.). Anyone else seen this? For the Sophos folks, the case ID is 06415915.

This thread was automatically locked due to age.

Top Replies

BrucekConvergent over 1 year ago in reply to BrucekConvergent +1 verified

So support finally got around to looking at this (the other folks I emailed back and forth didn't understand the issue) ... anyhow, the deal is that the filtering is actually working, but because of issues…

Parents

0 Qoosh over 1 year ago

Hi Bruce,

Thanks for reaching out. Allow me some time to test this and get back to you.

When running some initial tests on macOS 13.2.1, I was not able to replicate this issue. Are there specific websites with which you experience this problem, or will any website exhibit the same behaviour?

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 1 year ago in reply to Qoosh

As stated, using the sophostest.com site (selecting the Adult content link) shows the issue. Interestingly, if I test using www.playboy.com, when using https:// I get a SSL Protocol error (all https scanning is disabled on the upstream firewall for this host). So I get two different results.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 Qoosh over 1 year ago in reply to BrucekConvergent

I was able to locate one case where a "Managed user profile" in the Chrome Browser interfered with Web Control working as expected on macOS devices.

Do you know if this may be the case for the affected devices on your environment? Are any browser extensions present?

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Qoosh over 1 year ago in reply to BrucekConvergent

I was able to locate one case where a "Managed user profile" in the Chrome Browser interfered with Web Control working as expected on macOS devices.

Do you know if this may be the case for the affected devices on your environment? Are any browser extensions present?

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 1 year ago in reply to Qoosh

I've installed nothing in Chrome, etc. -- this are new computers, the only thing installed other than the OS they shipped with, are Apple Updates, chrome, and Sophos Endpoint. I don't believe there are any "managed user profiles" in chrome, these systems at this point are not managed by any sort of management platform. Also, Safari has the same issue. TLS/SSL sites are not blocked.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
+1 BrucekConvergent over 1 year ago in reply to BrucekConvergent

So support finally got around to looking at this (the other folks I emailed back and forth didn't understand the issue) ... anyhow, the deal is that the filtering is actually working, but because of issues with Sophos on MAC, TLS/SSL filtering does not display a blocked page like a blocked http request does, Sophos just breaks the TLS link on the offending site. So it works, but it is a bit crude. the tech said they were working on an update at some point to clean this up.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up +1 Vote Down

Cancel