
Sophos endpoint blocking internet traffic via ssl vpn, with gateway enabled.

Good morning folks.
  

I have a Sophos XG 135 firewall, and the endpoint anti-virus is also from Sophos. We are all working in home office, via SSL VPN with the client installed on all computers.
There was a need for a user to access a third party system with our public IP being in your home. I created a specific rule on the firewall and a group on the VPN to
use our public IP as a gateway. So far everything is perfect, everything works, and even on any computer it works with any antivirus, but when I install the Sophos
endpoint antivirus all internet traffic for , only the network continues. I already tried to disable all policies on the endpoint for 4 hours, but I still have access
to the internet blocked. I tried everything including searches in the forums, and I didn't get anything. I would like help to solve this problem.
Thank you


This thread was automatically locked due to age.
  • Good morning Jasmine.
    Attached are the logs.

    a 2020-05-30T14:10:27.631Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.632Z [5176:7276] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:10:27.632Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.634Z [5176:5952] - On service start
    a 2020-05-30T14:10:27.634Z [5176:5952] - Process application information: Available
    a 2020-05-30T14:10:27.822Z [5176:5952] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - Updated policy, MTD overall: Disabled, C2 detections: Disabled, connection tracking: Disabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.837Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.839Z [5176:5720] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.844Z [5176:7344] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.844Z [5176:7344] - Recalculating isolation: Self isolated: False, Admin isolated: False
    e 2020-05-30T14:10:29.443Z [5176:12508] - Failed to read policy : Cannot load policy - Policy string is empty
    a 2020-05-30T14:11:17.904Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.904Z [5176:12508] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:11:17.913Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:12:21.127Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop software updater\ssuservice.exe' accessed: sn.splashtop.com
    a 2020-05-30T14:12:56.640Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    e 2020-05-30T14:12:56.773Z [5176:8420] - SAVService is not running
    a 2020-05-30T14:12:58.092Z [5176:5952] - On service stop
    a 2020-05-30T14:12:58.209Z [5176:7276] - The service has stopped.
    a 2020-05-30T14:37:11.615Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.633Z [2608:6652] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:37:11.633Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.635Z [2608:15116] - On service start
    a 2020-05-30T14:37:11.636Z [2608:15116] - Process application information: Available
    a 2020-05-30T14:37:12.130Z [2608:15116] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:12.162Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.168Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:23.207Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:32.452Z [2608:15116] - On service stop
    a 2020-05-30T14:37:32.572Z [2608:6652] - The service has stopped.
    a 2020-05-30T15:37:58.732Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.732Z [14776:13864] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T15:37:58.733Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.737Z [14776:14436] - On service start
    a 2020-05-30T15:37:58.737Z [14776:14436] - Process application information: Available
    a 2020-05-30T15:37:58.911Z [14776:14436] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:37:58.942Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:38:02.160Z [14776:6844] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:46:52.853Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-05-30T15:47:06.895Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T16:06:38.586Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:06:52.852Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:29:36.443Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-05-30T16:37:07.014Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T17:13:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T17:15:48.992Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:45:58.309Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:45:58.748Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:46:00.207Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: csc3-2010-crl.verisign.com
    a 2020-06-01T11:46:04.287Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:05.405Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:07.032Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:08.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:46:16.495Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:17.396Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:18.273Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:49:43.070Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:50:30.598Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:51:34.722Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:51:57.061Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: s1.symcb.com
    a 2020-06-01T11:51:57.386Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:51:57.608Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:51:57.763Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:51:58.064Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl4.digicert.com
    a 2020-06-01T11:51:58.619Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T11:52:16.234Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:16.304Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:22.474Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\backgroundtaskhost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:52:40.580Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:40.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:42.174Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:42.218Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:53:18.727Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:53:29.373Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.comodoca.com
    a 2020-06-01T11:53:29.706Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.usertrust.com
    a 2020-06-01T11:53:30.202Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.sectigo.com
    a 2020-06-01T11:53:48.880Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:54:11.058Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.godaddy.com
    a 2020-06-01T11:56:43.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:57:21.489Z [14776:13612] - Process: '\device\harddiskvolume5\program files\diebold\warsaw\core.exe' accessed: ocsp.globalsign.com
    a 2020-06-01T11:58:11.119Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:58:39.325Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\common files\java\java update\jusched.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:58:49.227Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\dell backup and recovery\toaster.exe' accessed: www.dbrsupportportal.dellbackupandrecovery.com
    a 2020-06-01T11:59:31.379Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-01T12:01:23.601Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:23.786Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:26.527Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.455Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.596Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.600Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:30.146Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.165Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.284Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.794Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:29.498Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\compattelrunner.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:42.835Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T12:03:21.715Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:03:21.823Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:10:05.660Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:45:23.344Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\firefox 41\pingsender.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:46:53.936Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T12:58:21.010Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:46:54.336Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:47:10.965Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ocsp.verisign.com
    a 2020-06-01T13:47:17.211Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s2.symcb.com
    a 2020-06-01T13:47:17.679Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s.symcd.com
    a 2020-06-01T13:47:18.083Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ts-ocsp.ws.symantec.com
    a 2020-06-01T13:52:02.353Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:52:02.354Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:58:22.185Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T14:34:23.442Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:34:26.317Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:06.113Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:11.368Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:13.334Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:18.263Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:20.480Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:23.166Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:45.746Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:50.587Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:43:51.457Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:48:46.423Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:46.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dmd.metaservices.microsoft.com
    a 2020-06-01T14:48:47.130Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:47.696Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.113Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.040Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.643Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.598Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.014Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.447Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.939Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.543Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.946Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.360Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.766Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.258Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.662Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:56.067Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:56.472Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:57.436Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:57.851Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:58.264Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:58.667Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.072Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.566Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.973Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:00.734Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:01.145Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:01.701Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.107Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.518Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.924Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:03.459Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:03.870Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:04.972Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:05.379Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:05.862Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:06.267Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:06.716Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:07.121Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:07.544Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:08.427Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:08.862Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:09.393Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:09.821Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:10.371Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:10.783Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:11.191Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:11.612Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:12.354Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:12.790Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:13.267Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:13.691Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:14.170Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:14.582Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.025Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.525Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.932Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:17.336Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:17.773Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.179Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.584Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.992Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:19.397Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:19.804Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:20.209Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:20.621Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:21.034Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:54:16.330Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T15:05:04.144Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T15:33:51.570Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:01:56.121Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T16:06:52.499Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:08:26.724Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T16:10:05.992Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:23:51.828Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T17:08:27.463Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T17:08:59.727Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T17:13:51.987Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T18:03:52.107Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T18:11:02.883Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T18:18:28.564Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T18:53:52.214Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T19:16:52.145Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T19:18:29.285Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T19:41:31.167Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T19:43:52.309Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:02:48.252Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:02:51.544Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:14:25.325Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:14:33.589Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:24:34.217Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:24:39.065Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:25:03.131Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T20:31:04.800Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T20:33:52.530Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:54:14.489Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:54:14.489Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-06-01T20:54:14.490Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:54:14.491Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-06-01T20:54:14.505Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:58:38.995Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T20:58:52.598Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    e 2020-06-01T20:58:57.622Z [14776:15020] - SSP request has expired, query: 000002B719BE1480
    a 2020-06-01T21:00:00.630Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:00:22.594Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:03:16.832Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:03:16.833Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-06-01T21:03:16.834Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:03:16.834Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-06-01T21:03:16.842Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:06:52.660Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:06:54.336Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:08:43.985Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:08:52.651Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:28:29.310Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T21:31:55.563Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T21:58:52.756Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:59:28.565Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-01T22:31:56.463Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T22:32:17.657Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    e 2020-06-01T22:32:22.760Z [14776:15020] - SSP request has expired, query: 000002B719B99640
    e 2020-06-01T22:32:32.358Z [14776:15020] - SSP request has expired, query: 000002B719B99640
    a 2020-06-01T22:35:34.052Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: www.msftconnecttest.com
    a 2020-06-01T22:35:41.923Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T22:35:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T22:36:35.684Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T22:36:52.850Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:09.619Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:13.536Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:15.040Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:48.629Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:51.526Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:54.214Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:26:52.976Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:31.023Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:32.949Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:42.903Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:29:24.157Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:29:24.710Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:53.373Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:56.376Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:58.844Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:00.984Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:02.498Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:03.879Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:05.360Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:07.171Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:09.686Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:12.281Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:14.592Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:32.842Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:37.187Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:57.581Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:24.200Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:38.158Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:40.794Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:44.001Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:45.439Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:33:01.744Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:33:27.959Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:13.468Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:27.198Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:33.081Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:05.645Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:09.997Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:12.510Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:21.051Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:36:38.965Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:36.010Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:39.320Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:42.495Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:57.677Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:00.477Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:04.673Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:25.603Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T11:06:16.718Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T11:06:24.098Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T11:09:43.625Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-02T11:11:29.398Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\dell backup and recovery\toaster.exe' accessed: www.dbrsupportportal.dellbackupandrecovery.com
    a 2020-06-02T12:01:55.469Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T12:04:27.915Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.godaddy.com
    a 2020-06-02T12:06:32.970Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T12:10:01.836Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-02T12:15:29.507Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T12:16:37.919Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T12:23:14.850Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:20.877Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:37.164Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:38.658Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:40.708Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:42.203Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:44.564Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:46.904Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    

  • Hi  

    Unfortunately, there are no such errors/information from which we can derive what exactly is blocking. However, on the Central dashboard or under event logs do you see any errors/information related to this issue? Some internal websites based on web applications (or other web technologies) will perform loop-back connections. Are there any exclusions added under the policy? Wireshark logs would be more helpful in this scenario.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
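One way to triage an SntpService.log like the one posted above, added here as an example and not part of the thread or of Sophos tooling: it parses each line, tallies which process contacted which destination, collects the policy and isolation state the service reported, and lists every entry whose level is not `a` with the time elapsed since the last logged access. The sample lines are copied from the posted log; treating `a` as the routine level and any other level as worth review is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the SntpService.log excerpt posted in this thread.
SAMPLE_LOG = r"""
a 2020-06-01T20:54:14.489Z [14776:12500] - By policy and feature flags, IPS is disabled
a 2020-06-01T20:54:14.489Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
a 2020-06-01T20:54:14.491Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
a 2020-06-01T20:58:38.995Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
a 2020-06-01T20:58:52.598Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
e 2020-06-01T20:58:57.622Z [14776:15020] - SSP request has expired, query: 000002B719BE1480
a 2020-06-01T22:32:17.657Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
e 2020-06-01T22:32:22.760Z [14776:15020] - SSP request has expired, query: 000002B719B99640
e 2020-06-01T22:32:32.358Z [14776:15020] - SSP request has expired, query: 000002B719B99640
a 2020-06-01T22:35:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
"""

# <level> <UTC timestamp> [pid:tid] - <message>
LINE_RE = re.compile(r"^(?P<level>[a-z]) (?P<ts>\S+Z) \[(?P<pid>\d+):(?P<tid>\d+)\] - (?P<msg>.*)$")
ACCESS_RE = re.compile(r"^Process: '(?P<path>.+)' accessed: (?P<dest>\S+)$")
STATE_PREFIXES = ("Updated policy, ", "Recalculating isolation: ")


def parse(text):
    """Return one dict per well-formed log line; banner and blank lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
            records.append(rec)
    return records


def state_fields(msg):
    """Turn 'Updated policy, MTD overall: Enabled, ...' into a dict, else None."""
    for prefix in STATE_PREFIXES:
        if msg.startswith(prefix):
            pairs = (item.split(": ", 1) for item in msg[len(prefix):].split(", "))
            return {key.strip(): value.strip() for key, value in pairs}
    return None


def triage(text):
    report = {"levels": Counter(), "access": Counter(), "state": [], "non_routine": []}
    last_access = None
    for rec in parse(text):
        report["levels"][rec["level"]] += 1
        m = ACCESS_RE.match(rec["msg"])
        if m:
            exe = m["path"].rsplit("\\", 1)[-1]  # keep only the image name
            report["access"][(exe, m["dest"])] += 1
            last_access = rec
            continue
        fields = state_fields(rec["msg"])
        if fields is not None:
            report["state"].append((rec["ts"], fields))
        if rec["level"] != "a":  # assumption: 'a' is the routine level
            gap = (rec["ts"] - last_access["ts"]).total_seconds() if last_access else None
            report["non_routine"].append((rec["ts"], rec["msg"], gap))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(dict(result["levels"]))
    for (exe, dest), count in result["access"].most_common():
        print(f"{count:4d}  {exe} -> {dest}")
    for ts, fields in result["state"]:
        print(ts.isoformat(), fields)
    for ts, msg, gap in result["non_routine"]:
        print(ts.isoformat(), msg, f"(+{gap:.3f}s after last access)" if gap is not None else "")
```

Run against the full log file, the state entries show whether the service ever reported the endpoint as self-isolated or admin-isolated, which is the first thing to rule out when connectivity drops.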
  • No warning or error really appears, neither in Sophos Central nor in any type of log; the internet simply stops. I did tests by opening cmd and pinging
    several sites, and as soon as I connect to the VPN, less than 1 minute later the internet stops working and no ping works anymore for any type of site. As it was
    already detected that it is the NTP that causes this block, I would like help creating a policy in Sophos Central to exclude from the scan only the
    connection with the public IP of the office. Is this possible? I've been studying this, but I haven't been able to succeed. Can you help me?

  • Hello Martorelli,

    In your Firewall Rule for the client that is using SSL VPN as full tunnel, could you please select GREEN under Synchronized Security, Minimum source HB permitted?

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Good morning Jasmine.

    Today I made some attempts; the logs I am sending you were generated after the attempts.

    1004.SntpService.log

  • Hi  

    This would require in-depth troubleshooting along with Wireshark logs, as the logs provided do not show any specific error with NTP causing the issue.

    Shweta

    Community Support Engineer | Sophos Technical Support