This article provides a list of frequently asked questions regarding Web control in Sophos Central. The following sections are covered:
Applies to the following Sophos products and versions Sophos Central Admin
The following list of bullet points will help you to differentiate between the two features:
This depends on the policy that is configured in Sophos Central, the test that needs to be performed may differ. This answer provides the most common way to test Web Control functionality is working.
SophosLabs have provided the following webpage: http://sophostest.com/ to test category classification.
In addition to checking the Events report in Sophos Central for Web control events, on the endpoint logs or behaviors can also be checked or observed to see evidence of Web control being operational:
com.sophos.webintelligence: [Date] [Time] Policy action 'block' on 'https://www.facebook.com'
For more information of what to check, see Understanding and troubleshooting policy compliance of devices managed by Sophos Central.
On Windows, blocked resources obtained using HTTPS will display a popup messages. These balloon or Toast messages can be suppressed if required by the article 'Website blocked' popups are constantly appearing on web pages.
It is possible to obtain trace logging for both Web protection and the Web control components on the endpoint. Please contact Sophos Support quoting How to enable Sophos Web Intelligence (Web Protection feature) and Web Control logging and they will best guide you with the appropriate level of logging.
This may be correct based on the Web control policy configured for the user. The following steps should be followed to determine the correct behavior.
Not at this time. Web control is only available on Windows and Mac.
Under the Additional security options of the web control policy it is possible to control access to individual file types. For example, the customer can block executable files. These checks are also subject to SXL lookups to see if they are from a trusted source. For example, an executable file from Microsoft or Apple is not subject to the same checks as that from a unknown source.
One way to exempt a website is to use tags. For example, if the customer wanted to allow the site: uk.video.search.yahoo.com, that was previously blocked the customer could do as follows:
Note: It is also possible to override the category of a site in a similar way using the Website Management page.
There are a few reasons which may explain why a site doesn't behave as expected.
Note: See the question How to check if the client has the latest policy from Sophos Central to check the client has the updated policy if in any doubt.
In this example the customer could block: uk.video.search.yahoo.com over HTTPS as this is the server name passed by the browser in the SNI attribute of the request. The following screenshot shows how the server name is passed in the request when viewing the connection in Wireshark. Note: Server Name Extension (SNI) is not supported by all browsers. For more information see Server Name Indication.
As a first test, try adding the IP address of the webcam to the malware scanning exclusions in Sophos Central for the policy applied to the computer. The IP or IPs can be added as a Website type exclusion.
Note: This is not a Web control customization but a Web protection exclusion as found under the malware section of the policy.
Once the computer has received the policy and the exclusion is in place, try again to access the web cam using the web browser.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.