I've got a client running Sophos Enterprise Console and recently enabled Web Control so they could move away from a web proxy provider and save money.
* Enterprise Console version 5.5.0
* Client Agent (Endpoint Security and Control) version 10.7
This works fine for all the sophostest.com sites and everyone is happy with the solution - however any BLOCKED sites that are accessed on HTTPS just result in:
"This site can't provide a secure connection
<website> sent an invalid response"
Non-blocked HTTPS sites work fine.
Could anyone advise a way to resolve this please as I'm keen to provide users with a more meaningful message to reduce support calls.
The Endpoint Web Control can just permit or block HTTPS requests but it can't inject its own error message; it would have to intercept the TLS handshake. Thus it only causes a connection error; the message is issued by the browser.
Thank you Christian,
That does make a lot of sense! I've advised the client and they are happy with the 'toast' notification :)
Sophos does log that access to those sites is blocked under controlled items. Is there any way for users to get a pop-up notification from Sophos that the site is blocked?
Hi Ryan Smith4
An event is triggered that is shown to the user and sent to Sophos Enterprise Console. Alternatively, users can be warned by means of notification when visiting controlled websites; even if the user does not proceed, a warning event is triggered. If the user proceeds and views a site despite the warning, a second event is triggered and sent to Sophos Enterprise Console.
Hi Shweta. The only message our users see when they go to a blocked website is the generic "This site can't provide a secure connection". The only way a user can see if the site was blocked is by going to the controlled items area of Sophos on their PC. Is that the event that you're referring to?
You also said users can be warned by means of notification, is that a setting within Sophos Central?
Thanks for your help!
Are you managing your endpoints via Sophos Central? You will either see a notification popup or the browser will display a page detailing the content that has been blocked or warned. HTTPS websites will display a message "Website cannot be found". For more information, please check this article.
Users should get the pop up "toast" notification when they attempt to access a blocked HTTPS site. Are you not seeing this behavior?
There is a method to disable this but it's not a setting controlled in the policy, instead it's a registry key add on your endpoints. https://community.sophos.com/kb/en-us/120971
Yeah I'm not getting the pop up notification. I went through the attached procedure and made sure that this wasn't disabled in the registry. Is it something that needs to be enabled in Sophos Central?
I was doing testing and found the exact same behavior as you mentioned. On one of my endpoints still managed by SEC it does show the toast notification but not on a Central managed endpoint. I was digging further and found this snippet in the FAQ: "Either a notification popup will be displayed or the browser will display a page detailing the content that has been blocked or warned. HTTPS websites will display a message Website cannot be found and no toast notification will be displayed."
I think we should have popup toast notifications like on SEC managed endpoints, and would need to be submitted as a feature request.
I spent some time writing with Sophos support and got an ideas link.
If enough votes come together a feature will be developed.