This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Block QUIC setting not showing

I saw the popup the other day announcing the new feature in Threat Protection to block QUIC to make sure that everything goes through Web Control and Threat Control correctly.

I clicked the "Read more" link which took me to Threat Protection Policy - Sophos Central Admin, indicating it should appear just before the HTTPS Decryption toggle in the Threat Protection policy settings.

However when I go to find that setting, it's not there. Is there something I need to do to activate that?



This thread was automatically locked due to age.
Parents Reply Children
  • If you open the dev tools of the browser, F12, switch to the console and type:

    sc.getFlags();

    This should return the flags enabled for your account, I see:

    cesg.windows.computer.quic.enabled
    true


    cesg.windows.server.quic.enabled
    true

    Do you have those flags listed, if so, what is the value? I assume everything listed is true, so you may not have them?

  • The flag isn't even listed - there's nothing with `cesg.windows` at the start - just goes straight from `cesg.whitelist` to `cesg.winep`.

  • All I can suggest is you try running:

    sc.setFlag('cesg.windows.computer.quic.enabled')

    It might work, i.e. enable it for the endpoint policy.

    For the server policies if it works:

    sc.setFlag('cesg.windows.server.quic.enabled')


    otherwise, you may have to open a ticket with Support.  

    I don't know if you need to logout and back in or just re-open the policy.  That is all I have I'm afraid. Hope it works.

    I see the policy comes down to the DWORD quic_protocol_blocking_enabled under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\NetworkPerimeter\[latestrevision]\

    1 being enabled, 0 being disabled in policy.

  • That did the trick.

    Just had to run the command and refresh the page.

    Though strangely the toggle defaulted to being enabled on the base policy when I opened it (despite the documentation saying it's disabled by default), but not on the separate policy we have to filter websites for children's laptops at home.