ChatGPT file uploading does not work due to Sophos EndPoint

I have been using Sophos EndPoint for about 3 years and using ChatGPT for about a year. Everything has been working fine until about 4 to 6 weeks ago when all of the sudden staff in our office cannot upload files to ChatGPT. I wasn't sure what is was and troubleshot the issue with the OpenAI team without success. The weird part is that our company account was working fine on staff smartphones (we could upload files in our phones but not our computers).

So last week I tried entering the tamper protection password and turning everything OFF for my laptop Sophos Endpoint. And BINGO, I could all of the sudden upload files to ChatGPT without any issues. Since I cannot leave my laptop unprotected I decided to create a Global Exclusion for chatgpt.com but that DID NOT fixed the issue. 

Has anyone else faced this issue and if yes how did you fixed it?

Thanks!



Added tags
[edited by: GlennSen at 10:02 AM (GMT -8) on 4 Nov 2024]
Parents Reply Children
  • Hard to say, it depends what the domain is categorized as and what your web control policy might be. If you tail the SophosNetFilter.log when reproducing the issue that might help:

    gc 'C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SophosNetFilter.log' -wait -tail 1 | ogv

    You can presumably search for the domain in the filter at the top. Does the decision show it not to be allowed?

    The problem is you have the main page, in this case chatgpt.com, which loads resources from other domains.  These other domains may have a different category to the main page.  So the main page could be allowed the other domains not.  In this case, it's a non visible element so the response could be a block which would be silent. Then you have block and warn as an option which could disrupt the data.

    Maybe the log would make it clearer?  Presumably if web control was off it would work?  Web Control and Web Protection use the same inspection method. I doubt just web protection being on would cause the issue. I'm sure it will be web control.

    Are you blocking/warning on uncategorised for example.  That could be awkward?  Also, are you using decrypt TLS in the Threat Protection policy.  Is the product seeing the full URL?
    Thanks.

  • Thanks for the detailed explanation, I will play around with it when I have some time. I left the policies intact (default out of the box) since the Sophos Pro Team told me that was good when we initially setup our system. Maybe the out of the box policies are too restrictive? Which makes no sense because our public Wifi doesn't apply any web or SSL scanning and ChatGPT didn't work there either (until I added all the related domains to the global exclusions).

  • At some point in time.....Sophos needs to have an Ai category that encompasses all the Ai.