
Anyone else seeing Web Filtering Issues on macOS Ventura and Endpoint 10.4.7?

So we haven't dealt with Macs much in the past... however due to some recent developments, we've had to start dealing with them.  I've deployed MDR / Intercept X endpoint to two brand new, out of the box macOS devices (one a MacBook, one a Mac mini) and on both I see issues with Sophos Endpoint not performing basic web filtering correctly.  One of the devices is running Ventura 13.0, the other 13.3.1.  The deal is, in Safari and Chrome, web filtering works correctly (testing with sophostest.com) as long as the URL is not https:// --- enable TLS/SSL for the test URL and it fails to filter anything at all.

Started a support case on it, no progress so far (asked me to enable / disable TLS decryption in the policy, etc.).  Just seems to be broken.  Endpoint reports everything is fine (extensions, etc. all enabled, the filters are present in the network config and enabled, etc.).  Anyone else seen this?  For the Sophos folks, the case ID is 06415915.



  • Hi Bruce,

    Thanks for reaching out. Allow me some time to test this and get back to you. 

    When running some initial tests on macOS 13.2.1, I was not able to replicate this issue. Are there specific websites with which you experience this problem, or will any website exhibit the same behaviour? 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • As stated, using the sophostest.com site (selecting the Adult content link) shows the issue.  Interestingly, if I test using www.playboy.com, when using https:// I get an SSL Protocol error (all https scanning is disabled on the upstream firewall for this host).  So I get two different results.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I was able to locate one case where a "Managed user profile" in the Chrome Browser interfered with Web Control working as expected on macOS devices. 

    Do you know if this may be the case for the affected devices on your environment? Are any browser extensions present? 

    Kushal Lakhan
    Team Lead, Global Community Support
  • I've installed nothing in Chrome, etc. -- these are new computers, the only things installed other than the OS they shipped with are Apple Updates, Chrome, and Sophos Endpoint.  I don't believe there are any "managed user profiles" in Chrome, these systems at this point are not managed by any sort of management platform.  Also, Safari has the same issue.  TLS/SSL sites are not blocked.

    CTO, Convergent Information Security Solutions, LLC


  • So support finally got around to looking at this (the other folks I emailed back and forth didn't understand the issue) ... anyhow, the deal is that the filtering is actually working, but because of issues with Sophos on Mac, TLS/SSL filtering does not display a blocked page like a blocked http request does, Sophos just breaks the TLS link on the offending site.  So it works, but it is a bit crude.  The tech said they were working on an update at some point to clean this up.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
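
Added example (not part of any post in this thread, and not Sophos code): a check that treats both outcomes described above, a block page over http:// and a broken TLS connection over https://, as evidence of filtering, and uses a control URL to rule out TLS being broken for every site. `BLOCK_MARKER`, the `.example` URLs and `constructed_fetcher` are assumptions made for the illustration.

```python
import ssl
import urllib.error
import urllib.request

# Assumption: text that appears on your block page (take it from a blocked http:// test).
BLOCK_MARKER = "EXAMPLE-BLOCK-PAGE-MARKER"

def fetch(url, timeout=10):
    """Live probe: return the response body, including the body of an HTTP error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # e.g. a block page served with a 403
        return err.read().decode("utf-8", "replace")

def classify(url, fetcher=fetch, marker=BLOCK_MARKER):
    """Return 'blocked-page', 'blocked-teardown', 'allowed' or 'inconclusive'."""
    try:
        body = fetcher(url)
    except urllib.error.URLError as err:  # urllib wraps connect/handshake errors
        cause = err.reason
    except OSError as err:                # errors raised while reading the response
        cause = err
    else:
        return "blocked-page" if marker in body else "allowed"
    # A failed handshake or a reset is what a broken TLS link looks like to the client.
    if isinstance(cause, (ssl.SSLError, ConnectionResetError, ConnectionAbortedError)):
        return "blocked-teardown"
    return "inconclusive"  # DNS failure, timeout, refusal: not evidence of filtering

def filtering_works(blocked_url, control_url, fetcher=fetch, marker=BLOCK_MARKER):
    """True if the test URL is blocked either way while a control URL still loads."""
    blocked = classify(blocked_url, fetcher, marker)
    control = classify(control_url, fetcher, marker)
    return blocked.startswith("blocked") and control == "allowed"

def constructed_fetcher(url):
    """Constructed stand-in for fetch(): simulates the behaviour described in the thread."""
    if url == "http://blocked.example/":
        return "<html>" + BLOCK_MARKER + "</html>"
    if url == "https://blocked.example/":
        raise urllib.error.URLError(ssl.SSLError("handshake failure"))
    return "<html>ordinary page</html>"

if __name__ == "__main__":
    for u in ("http://blocked.example/", "https://blocked.example/", "https://control.example/"):
        print(u, classify(u, constructed_fetcher))
```

A site with its own TLS fault also classifies as `blocked-teardown`, which is why `filtering_works` requires the control URL to load normally.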
