Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
This article provides a list of frequently asked questions regarding Web control in Sophos Central. The following sections are covered:
Applies to the following Sophos products and versions Central Endpoint Advanced 11.5.11Central Endpoint Standard 11.5.11Sophos Central Managed Server 1.5.6Sophos Endpoint Security and Control 10.8.2UTM Managed Endpoint (Windows 2000+)
The following list of bullet points will help you to differentiate between the two features:
This depends on the policy that is configured in Sophos Central, the test that needs to be performed may differ. This answer provides the most common way to test Web Control functionality is working. Use the malware test page to test the category classification.
In addition to checking the Events report in Sophos Central for Web control events, the endpoint logs or behaviors can also be checked or observed to see evidence of Web control being operational:
com.sophos.webintelligence: [Date] [Time] Policy action 'block' on 'https://www.facebook.com'
Safari Can't Open the Page
This webpage is not available
Website cannot be found
For more information of what to check, see Understanding and troubleshooting policy compliance of devices managed by Sophos Central.
Balloon or Toast messages can be suppressed if required by the article 'Website blocked' popups are constantly appearing on web pages.
It is possible to obtain trace logging for both Web protection and the Web control components on the endpoint. Please contact Sophos Support quoting How to enable Sophos Web Intelligence (Web Protection feature) and Web Control logging and they will best guide you with the appropriate level of logging.
How to enable Sophos Web Intelligence (Web Protection feature) and Web Control logging
This may be correct based on the Web control policy configured for the user. The following steps should be followed to determine the correct behavior.
Not at this time. Web control is only available on Windows and Mac.
Under the Additional security options of the web control policy, it is possible to control access to individual file types. For example, the customer can block executable files. These checks are also subject to SXL lookups to see if they are from a trusted source. For example, an executable file from Microsoft or Apple is not subject to the same checks as that from an unknown source.
Note: The security options on risky file types, which is one of the functions of the web control, currently does not work on HTTPS websites. Alternatively, you can block the root domain of the website or the website's category from where the file is being downloaded.
One way to exempt a website is to use tags. For example, if the customer wanted to allow the site uk.video.search.yahoo.com, that was previously blocked the customer could do as follows:
Note: It is also possible to override the category of a site in a similar way using the Website Management page.
There are a few reasons which may explain why a site doesn't behave as expected.
Note: See the question How to check if the client has the latest policy from Sophos Central to check the client has the updated policy if in any doubt.
In this example, the customer could block: uk.video.search.yahoo.com over HTTPS as this is the server name passed by the browser in the SNI attribute of the request. The following screenshot shows how the server name is passed in the request when viewing the connection in Wireshark.
Note: Server Name Extension (SNI) is not supported by all browsers. For more information see Server Name Indication.
As a first test, try adding the IP address of the webcam to the malware scanning exclusions in Sophos Central for the policy applied to the computer. The IP or IPs can be added as a Website type exclusion.
Note: This is not a Web control customization but a Web protection exclusion as found under the malware section of the policy.
Once the computer has received the policy and the exclusion is in place, try again to access the webcam using the web browser.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.