
Sophos Web Protection Persistently Blocking a False-Positive.

Hello,

I have an end user who is trying to access a file from a legitimate engineering company that specializes in engineering software and solutions. In an email he got from the company, the sales agent provided him with a link to a download to try out the software. At first I did a check on the email to ensure it wasn't a phishing attempt, and all seems well. I talked with another end user who has already communicated with this same person and even downloaded the software with no issues (the download must have occurred a day or so before he got Sophos installed on his system).

The problem is, when that end user tries to click the link or type it in the address bar, Sophos gives a warning that it is malware and blocks access. I attempted this on my end and got the same result. So I did some further investigation to reassure myself that this is not a security liability, and the company is indeed legitimate and it shouldn't be malware. The company in question is called "Infolytica", and I tried to white-list/override the block by adding the base URL to the base policy with the tag "no-harm" and with an allow.

It still blocked him; this time it said that the organization's policy prevents accessing that page, even though it should be the contrary due to the override with allow. I tried adding a new policy and disabling protection temporarily to see if this would work, but with no result. I added it to the global scanning exclusion, still blocked.

Here is a screenshot showing it:

And here is what we get once we added an exclusion/exception/tag to allow it:

Is there something I am missing here? I checked several times to ensure the legitimacy of this company, and they come out as 100% legit.



  • Hello,

    When I added it to global scanning exclusions, I got the message:

    • Location: www.infolytica.com/downloads/clientid.exe
    • Your organization's policy prohibits access to this website.

    Why would the policy prohibit access even after making an exclusion for it?
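A common reason an allow entry never fires is that it does not actually match the URL reported in the block message (bare domain vs. `www.` host, `http` vs. `https`, a base path that is a prefix of the wrong path segment). The script below is an added example, not code from this thread or from Sophos, and the matching rules it applies (subdomain suffix matching, optional scheme sensitivity, path-segment prefix matching) are assumptions chosen for illustration, not a description of how Sophos evaluates its policy or exclusion lists. The blocked location is the one quoted in the reply above; the candidate allow entries are constructed.

```python
from urllib.parse import urlsplit

# The location reported in the block message quoted above.
BLOCKED_URL = "http://www.infolytica.com/downloads/clientid.exe"

# Constructed allow entries, written the way an administrator might type them.
CANDIDATE_ENTRIES = [
    "infolytica.com",                   # bare registrable domain
    "www.infolytica.com",               # exact host
    "https://www.infolytica.com/",      # scheme differs from the blocked URL
    "www.infolytica.com/download",      # looks like a prefix but is a different segment
    "www.infolytica.com/downloads/",    # the actual download directory
]


def parse(url):
    """Split an entry or URL into (scheme, host, path), tolerating a missing scheme."""
    if "://" not in url:                # assumption: scheme-less entries mean http
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme.lower(), host, parts.path or "/"


def host_matches(entry_host, url_host, include_subdomains):
    """Exact host match, or a suffix match on a label boundary when subdomains count."""
    if entry_host == url_host:
        return True
    return include_subdomains and url_host.endswith("." + entry_host)


def exclusion_matches(entry, url, include_subdomains=True, scheme_sensitive=False):
    """Return True if `entry` would cover `url` under the assumed matching rules."""
    e_scheme, e_host, e_path = parse(entry)
    u_scheme, u_host, u_path = parse(url)
    if scheme_sensitive and e_scheme != u_scheme:
        return False
    if not host_matches(e_host, u_host, include_subdomains):
        return False
    if e_path in ("", "/"):             # host-only entry covers every path
        return True
    # Path prefix must end on a segment boundary: "/download" must not cover "/downloads/".
    return u_path == e_path or u_path.startswith(e_path.rstrip("/") + "/")


def audit(entries, url, **opts):
    """Map each candidate entry to whether it covers the blocked URL."""
    return {entry: exclusion_matches(entry, url, **opts) for entry in entries}


if __name__ == "__main__":
    for label, opts in (
        ("lenient (subdomains, any scheme)", {}),
        ("strict (exact host, scheme must match)",
         {"include_subdomains": False, "scheme_sensitive": True}),
    ):
        print(label)
        for entry, hit in audit(CANDIDATE_ENTRIES, BLOCKED_URL, **opts).items():
            print(f"  {'MATCH ' if hit else 'no match'}  {entry}")
```

Running it shows that under strict matching only the entries naming `www.infolytica.com` with an `http` scheme (or no scheme) and the `/downloads/` path cover the quoted location; a bare `infolytica.com` or an `https://` entry silently misses. When an allow entry does not take effect, comparing the exact reported location against the entry this way, under both the lenient and the strict interpretation, is the first thing to check before assuming the product is ignoring the exclusion.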
