Network Extension Breaking Some Network Communications Including Web Browsing

  • What feature is impacted?
    • com.sophos.endpoint.networkextension
  • What is the severity of the issue?
    • High
  • Summary of the issues:
    • I have noticed odd behavior with web browsers, Outlook, and other network dependant applications not loading content properly. I was able to isolate the issue to the Sophos network extension. I can correct the issue by force quitting the com.sophos.endpoint.networkextension process via Activity Monitor. The process restarts automatically, but the issue is cleared and network communications return to normal. The issue will eventually come back over time and I have to force quit the process again.
  • Observed behavior (What it did or didn’t do):
    • The most obvious issue is content not loading in the web browser. Browser requests just start to time out. Outlook also appears to be impacted and has trouble synchronizing changes. DNS resolution and ICMP ping traffic still work ok when this issue arises, so I'm assuming the issues is related to how the network extension and web protection feature work together.
  • How do we reproduce it (Provide instructions to help us reproduce the behavior):
    • It just seems like time is all it takes. Almost like there is a memory leak in the process that eventually breaks it and blocks certain network communications.
  • Frequency (How often this occurs):
    • It happens consistently over time. I don't know exactly how long it takes to resurface. It may be related to when the MacBook wakes from sleep, because I feel like it happens a lot when I wake the MacBook up, but I don't think it is exclusively that scenario.
  • Desired behavior (How is it expected to or should behave):
    • The endpoint software should not break network communications, web browsing, etc.
  • Environment (what hardware/software are you using):
    • MacBook Pro 13" with M1 chip on macOS Big Sur v11.3.1
    • Running Sophos endpoint 10.1.0 early access
    • There is no other security software on the computer
    • I experienced similar behavior on this same MacBook when I was running the non early release Sophos endpoint software, so I do not think this is a bug that was introduced with v10.1.0. I removed the non early release software and the issue went away. The issue came back when I installed the early release software. That is when I started digging deeper and isolated the issue to the com.sophos.endpoint.networkextension process.
  • Other (Any other detail that we need to know about):

  • Supporting logs, tool output, etc.
Parents
  • Hi Marc,

    We see a similar issue that occurs like this when changing between wireless networks. It impacts on anything that runs through the Sophos proxy it seems including curl or wget commands. I hadn't through of killing the network extension but I will give that a go. I get this anytime I sleep between home and work, I lose all network web connectivity for a few minutes at least while it rediscovers something. I have been having this issue on all versions since the original EAP for Big Sur. 

    Cheers,

    Andrew

Reply
  • Hi Marc,

    We see a similar issue that occurs like this when changing between wireless networks. It impacts on anything that runs through the Sophos proxy it seems including curl or wget commands. I hadn't through of killing the network extension but I will give that a go. I get this anytime I sleep between home and work, I lose all network web connectivity for a few minutes at least while it rediscovers something. I have been having this issue on all versions since the original EAP for Big Sur. 

    Cheers,

    Andrew

Children
No Data