We have had several customer reports that, since the release of Central Windows Advanced 10.8.1 or Central Intercept X 2.0.0, our 'Malicious Traffic Detection' component has been causing issues with DNS. This has caused machines to fail to log on and has also caused general internet issues.
All reports currently indicate that affected customers are also running an XG Firewall.
Applies to the following Sophos product(s) and version(s):
Central Windows Endpoint 10.8.1
Central Windows Endpoint Intercept X 2.0.0
Customers may see a loss of network connectivity on Windows 7 endpoints. Symptoms include being unable to log in to networked machines.
This issue has now been resolved in our Core Agent 2.0.3 update. Customers can now re-enable "Detect network traffic to command and control servers" by following the steps below. To confirm the issue is resolved, please perform this action on a subset of test machines and confirm that "Message Tracking" is disabled by following the workflow below.
Note: Please ensure you only perform this on a sub-set of machines to confirm the issue is no longer present.
Please open a support ticket with Sophos Technical Support if you find that connectionTracking is True or if you require connection tracking.
To work around this issue, you will need to disable the policy setting "Detect network traffic to command and control servers" from within your Central Threat Protection Policy.
This article will be updated when information becomes available.