Thread Info
  • State Not Answered
  • Replies 4 replies
  • Subscribers 15 subscribers
  • Views 658 views
  • Users 0 members are here
Options
Suggested

Intercept X - Network Threat Protection module blocking web form

JLWB

Hi, first time poster here. 

As per the title, the Network Threat Protection module part of Intercept X is blocking a simple webform on our website. I have added an exception for this, in Sophos Central, so now our users can test and use this form however we'd like to get an understanding of why the form was blocked in the first place so we can fix any underlying issue with the code/form. Is there anywhere in Sophos Central that can provide more detailed logging of blocked items? 

In doing this we hope to fix the form so other AVs don't incorrectly block it and prevent our users/customers from submitting on the form. 

Link to form: https://wattbike.com/pages/become-a-wattbiker

TIA. 

John

Parents
  • 0

    Thank you for reaching out to the community forum.

    When you mentioned that it’s getting blocked, May we know what detection our endpoint generates when the blocking happens? 

    We tried checking on our end, but we're not getting any blocking Error. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to GlennSen

    Hi Glenn, 

    I couldn't see anything anywhere either. 

    The only reason I know is that I admin logged into the Sophos program on the end point and one by one disabled the modules until i found the one blocking submission of the form. 

    KR
    John

  • 0 in reply to JLWB

    You'll likely need to create a support case and show them over a remote session. We had a similar thing with traffic coming from an internal Avaya server to a wallboard PC showing a simple html with call stats. 
    I would probably suggest running the website with the browser dev tools open and look at the sources list - you might find that an element on the page is causing the problem. We have regular issues like this with our XGS Firewall and it almost always turns out to be SSL decryption. 

    You could run an SDU while opening the site with the all the AV modules on apart from NTP, then turn it on and run another SDU for compairson. 

Reply
  • 0 in reply to JLWB

    You'll likely need to create a support case and show them over a remote session. We had a similar thing with traffic coming from an internal Avaya server to a wallboard PC showing a simple html with call stats. 
    I would probably suggest running the website with the browser dev tools open and look at the sources list - you might find that an element on the page is causing the problem. We have regular issues like this with our XGS Firewall and it almost always turns out to be SSL decryption. 

    You could run an SDU while opening the site with the all the AV modules on apart from NTP, then turn it on and run another SDU for compairson. 

Children
No Data
Unfiltered HTML