Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 15 subscribers
  • Views 2300 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X Web control - Web Threats Blocked

Jonas Stadler

Hello everyone,

yesterday I saw for the first time an entry at "Web Threats Blocked". It shows me that a "High Risk" website was blocked. But sadly in this overview is not date and no information what website exactly was blocked.

Is there an option to see directly what website got blocked? I just found out one possible URL, by setting the time period to custom and checking day by day. I assume this is not intended by sophos.



This thread was automatically locked due to age.
Parents
  • 0

    Thank you for reaching the community forum. 

    Have you tried checking this under Threat Analysis Center and see if the details are available there? Are you observing this on multiple devices or a single device?

    Can you share as well here the alert that you're getting on your Sophos central? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to GlennSen

    Just to make sure we are talking about the same thing:

    Is there a possibility to jump directly from this view to the High Risk URL?

    I didn´t find anything from web control in the Threat Analysis Center.

  • 0 in reply to Jonas Stadler

    Hi  ,

    From Logs & Reports > Events, filter the items to narrow down the event results, click "Update", and then export the data. Let me know if this report helps with the information that you need.

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Gladys

    Hi  ,

    thanks for your reply. I am a bit confused now. In my opinion an internal website should be responsible for this "alert". But now its getting interesting.

    1. I checked the "Top Blocked Sites" filtered on the day, the entry was created at "Top Malware Downloaders" and found the internal URL. Sadly these entries have no date and computername...

    2. I checked the Logs & Reports > Events in Sophos Central and didnt find this entry.

    Btw why i am seeing entries of the 6th June if I filtered from 7th - 8th? The computer wasn´t used from 8th to 13th june so there are no further entries.

    3. I checked the local log in Sophos Endpoint and found the local URL.

    Interesting aswell the entry at "Top Malware Downloaders" cant be assigned to one specific day. It shows me the entry on the 7th AND 8th June. Same behaviour at "Blocked Sites". Could there be some trouble with missconfigured time zones?

    However, the real problem remains, I can only estimate from the data in Sophos Central and local Endpoint which URL was finally assessed as "High Risk".

  • 0 in reply to Jonas Stadler

    Hi  ,

    Thanks for sharing these details. I'll follow up with you via PM so we can further look into it.

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children
No Data
Unfiltered HTML