ChatGPT file uploading does not work due to Sophos EndPoint

I have been using Sophos EndPoint for about 3 years and using ChatGPT for about a year. Everything has been working fine until about 4 to 6 weeks ago when all of the sudden staff in our office cannot upload files to ChatGPT. I wasn't sure what is was and troubleshot the issue with the OpenAI team without success. The weird part is that our company account was working fine on staff smartphones (we could upload files in our phones but not our computers).

So last week I tried entering the tamper protection password and turning everything OFF for my laptop Sophos Endpoint. And BINGO, I could all of the sudden upload files to ChatGPT without any issues. Since I cannot leave my laptop unprotected I decided to create a Global Exclusion for chatgpt.com but that DID NOT fixed the issue. 

Has anyone else faced this issue and if yes how did you fixed it?

Thanks!



Added tags
[edited by: GlennSen at 10:02 AM (GMT -8) on 4 Nov 2024]
Parents
  • Hi Rafael,

    Thanks for reaching out to the Sophos Community Forum. 

    Checking through some previous support cases, I see that some customers have had success in adding the same type of exclusion as you have. If not all users require access to ChatGPT, you may want to add the scanning exclusion of the type "Website" to a specific Threat Protection policy that applies to the desired users. 

    I suggest testing with an incognito or in-private-browsing window to ensure website caching does not affect the results you're seeing when testing. 

    Do let me know if you continue to experience issues when testing this way. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • No luck! Only disabling Sophos EndPoint is the only way I can upload files to ChatGPT. This is not an option. If I do not get any answer from the community in 1 or 2 days I will open a ticket with Sophos Support. For now I will manually disable Sophos EndPoint when I use ChatGPT since I am the biggest power user in the company and the Sophos Central admin.

  • If you open the dev tools of the browser and look at the network activity. Add the domain column and retry the upload, do you see a failing request, to what domain? 

  • Thanks for pointing me out in that direction. I added files.oasisusercontent.com to the Global Exclusions and now I can upload. Btw my list of global exclusions is growing big. Soon I will need to add all the websites our staff visits because for some reason Sophos blocks it. Why is that?

  • Hard to say, it depends what the domain is categorized as and what your web control policy might be. If you tail the SophosNetFilter.log when reproducing the issue that might help:

    gc 'C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SophosNetFilter.log' -wait -tail 1 | ogv

    You can presumably search for the domain in the filter at the top. Does the decision show it not to be allowed?

    The problem is you have the main page, in this case chatgpt.com, which loads resources from other domains.  These other domains may have a different category to the main page.  So the main page could be allowed the other domains not.  In this case, it's a non visible element so the response could be a block which would be silent. Then you have block and warn as an option which could disrupt the data.

    Maybe the log would make it clearer?  Presumably if web control was off it would work?  Web Control and Web Protection use the same inspection method. I doubt just web protection being on would cause the issue. I'm sure it will be web control.

    Are you blocking/warning on uncategorised for example.  That could be awkward?  Also, are you using decrypt TLS in the Threat Protection policy.  Is the product seeing the full URL?
    Thanks.

Reply
  • Hard to say, it depends what the domain is categorized as and what your web control policy might be. If you tail the SophosNetFilter.log when reproducing the issue that might help:

    gc 'C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SophosNetFilter.log' -wait -tail 1 | ogv

    You can presumably search for the domain in the filter at the top. Does the decision show it not to be allowed?

    The problem is you have the main page, in this case chatgpt.com, which loads resources from other domains.  These other domains may have a different category to the main page.  So the main page could be allowed the other domains not.  In this case, it's a non visible element so the response could be a block which would be silent. Then you have block and warn as an option which could disrupt the data.

    Maybe the log would make it clearer?  Presumably if web control was off it would work?  Web Control and Web Protection use the same inspection method. I doubt just web protection being on would cause the issue. I'm sure it will be web control.

    Are you blocking/warning on uncategorised for example.  That could be awkward?  Also, are you using decrypt TLS in the Threat Protection policy.  Is the product seeing the full URL?
    Thanks.

Children