Sophos endpoint blocking internet traffic via ssl vpn, with gateway enabled.

Good morning folks.

I have a Sophos XG 135 firewall and endpoint anti-virus also from Sophos. We are all working in home office, via SSL VPN with the client installed on all computers.
There was a need for a user to access a third party system with our public IP being in your home. I created a specific rule on the firewall and a group on the VPN to
use our public IP as a gateway. So far everything is perfect, everything works, and even on any computer it works with any antivirus, but when I install the Sophos
endpoint antivirus all internet traffic for , only the network continues. I already tried to disable all policies on the endpoint for 4 hours, but I still have access
to the internet blocked. I tried everything, including searches in the forums, and I didn't get anything. I would like help to solve this problem.

Thank you


  • We have two SSL VPN connections:

    The 1st SSL VPN is to connect to the folders on the server, and the public IP is the employee's home. It works on any computer with any anti-virus, nothing is blocked,
    everything works perfectly.

    The 2nd SSL VPN is for the employee to connect to the folders on the server and use the public IP of the office and not the IP of his home, and with this one, after
    connecting, the internet is blocked. On any computer with any antivirus other than the Sophos endpoint it works. On a computer with the Sophos endpoint the internet
    is blocked, and it only works if I stop the service: SOPHOS NETWORK THREAT PROTECTION. However, I need to find out how to get around this problem; I cannot leave this
    service disabled. I can enable this service easily, the problem is that if I enable the internet it doesn't work.

    The internet is blocked only by the Sophos endpoint anti-virus, specifically the service: SOPHOS NETWORK THREAT PROTECTION. This problem does not occur with
    any other anti-virus.

  • Hello  

    What is the status of this machine in Sophos Central? Does this machine have a Red status? I ask because the machine may be in "Red" health and "Allow computers to isolate themselves on red health" is enabled in your Threat Protection policy too.

  • Hi  

    Would you please provide the Sntpservice.log file from the path "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs"?

    So, we can check if anything is getting logged which is blocking the internet.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Good morning Jasmine.
    Attached are the logs.

    a 2020-05-30T14:10:27.631Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.632Z [5176:7276] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:10:27.632Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.634Z [5176:5952] - On service start
    a 2020-05-30T14:10:27.634Z [5176:5952] - Process application information: Available
    a 2020-05-30T14:10:27.822Z [5176:5952] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - Updated policy, MTD overall: Disabled, C2 detections: Disabled, connection tracking: Disabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.837Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.839Z [5176:5720] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.844Z [5176:7344] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.844Z [5176:7344] - Recalculating isolation: Self isolated: False, Admin isolated: False
    e 2020-05-30T14:10:29.443Z [5176:12508] - Failed to read policy : Cannot load policy - Policy string is empty
    a 2020-05-30T14:11:17.904Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.904Z [5176:12508] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:11:17.913Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:12:21.127Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop software updater\ssuservice.exe' accessed: sn.splashtop.com
    a 2020-05-30T14:12:56.640Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    e 2020-05-30T14:12:56.773Z [5176:8420] - SAVService is not running
    a 2020-05-30T14:12:58.092Z [5176:5952] - On service stop
    a 2020-05-30T14:12:58.209Z [5176:7276] - The service has stopped.
    a 2020-05-30T14:37:11.615Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.633Z [2608:6652] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:37:11.633Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.635Z [2608:15116] - On service start
    a 2020-05-30T14:37:11.636Z [2608:15116] - Process application information: Available
    a 2020-05-30T14:37:12.130Z [2608:15116] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:12.162Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.168Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:23.207Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:32.452Z [2608:15116] - On service stop
    a 2020-05-30T14:37:32.572Z [2608:6652] - The service has stopped.
    a 2020-05-30T15:37:58.732Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.732Z [14776:13864] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T15:37:58.733Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.737Z [14776:14436] - On service start
    a 2020-05-30T15:37:58.737Z [14776:14436] - Process application information: Available
    a 2020-05-30T15:37:58.911Z [14776:14436] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:37:58.942Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:38:02.160Z [14776:6844] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:46:52.853Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-05-30T15:47:06.895Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T16:06:38.586Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:06:52.852Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:29:36.443Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-05-30T16:37:07.014Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T17:13:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T17:15:48.992Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:45:58.309Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:45:58.748Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:46:00.207Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: csc3-2010-crl.verisign.com
    a 2020-06-01T11:46:04.287Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:05.405Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:07.032Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:08.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:46:16.495Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:17.396Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:18.273Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:49:43.070Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:50:30.598Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:51:34.722Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:51:57.061Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: s1.symcb.com
    a 2020-06-01T11:51:57.386Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:51:57.608Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:51:57.763Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:51:58.064Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl4.digicert.com
    a 2020-06-01T11:51:58.619Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T11:52:16.234Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:16.304Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:22.474Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\backgroundtaskhost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:52:40.580Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:40.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:42.174Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:42.218Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:53:18.727Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:53:29.373Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.comodoca.com
    a 2020-06-01T11:53:29.706Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.usertrust.com
    a 2020-06-01T11:53:30.202Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.sectigo.com
    a 2020-06-01T11:53:48.880Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:54:11.058Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.godaddy.com
    a 2020-06-01T11:56:43.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:57:21.489Z [14776:13612] - Process: '\device\harddiskvolume5\program files\diebold\warsaw\core.exe' accessed: ocsp.globalsign.com
    a 2020-06-01T11:58:11.119Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:58:39.325Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\common files\java\java update\jusched.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:58:49.227Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\dell backup and recovery\toaster.exe' accessed: www.dbrsupportportal.dellbackupandrecovery.com
    a 2020-06-01T11:59:31.379Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-01T12:01:23.601Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:23.786Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:26.527Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.455Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.596Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.600Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:30.146Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.165Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.284Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.794Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:29.498Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\compattelrunner.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:42.835Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T12:03:21.715Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:03:21.823Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:10:05.660Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:45:23.344Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\firefox 41\pingsender.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:46:53.936Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T12:58:21.010Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:46:54.336Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:47:10.965Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ocsp.verisign.com
    a 2020-06-01T13:47:17.211Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s2.symcb.com
    a 2020-06-01T13:47:17.679Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s.symcd.com
    a 2020-06-01T13:47:18.083Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ts-ocsp.ws.symantec.com
    a 2020-06-01T13:52:02.353Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:52:02.354Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:58:22.185Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T14:34:23.442Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:34:26.317Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:06.113Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:11.368Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:13.334Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:18.263Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:20.480Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:23.166Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:45.746Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:50.587Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:43:51.457Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:48:46.423Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:46.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dmd.metaservices.microsoft.com
    a 2020-06-01T14:48:47.130Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:47.696Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.113Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.040Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.643Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.598Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.014Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.447Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.939Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.543Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.946Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.360Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.766Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.258Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.662Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:56.067Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:56.472Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:57.436Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:57.851Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:58.264Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:58.667Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.072Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.566Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:59.973Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:00.734Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:01.145Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:01.701Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.107Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.518Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:02.924Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:03.459Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:03.870Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:04.972Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:05.379Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:05.862Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:06.267Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:06.716Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:07.121Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:07.544Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:08.427Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:08.862Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:09.393Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:09.821Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:10.371Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:10.783Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:11.191Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:11.612Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:12.354Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:12.790Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:13.267Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:13.691Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:14.170Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:14.582Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.025Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.525Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:16.932Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:17.336Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:17.773Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.179Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.584Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:18.992Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:19.397Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:19.804Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:20.209Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:20.621Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:49:21.034Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:54:16.330Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T15:05:04.144Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T15:33:51.570Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:01:56.121Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T16:06:52.499Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:08:26.724Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T16:10:05.992Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T16:23:51.828Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T17:08:27.463Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T17:08:59.727Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T17:13:51.987Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T18:03:52.107Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T18:11:02.883Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T18:18:28.564Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T18:53:52.214Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T19:16:52.145Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T19:18:29.285Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T19:41:31.167Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T19:43:52.309Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:02:48.252Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:02:51.544Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:14:25.325Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:14:33.589Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:24:34.217Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:24:39.065Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:25:03.131Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T20:31:04.800Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T20:33:52.530Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T20:54:14.489Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:54:14.489Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-06-01T20:54:14.490Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:54:14.491Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-06-01T20:54:14.505Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T20:58:38.995Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T20:58:52.598Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    e 2020-06-01T20:58:57.622Z [14776:15020] - SSP request has expired, query: 000002B719BE1480
    a 2020-06-01T21:00:00.630Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:00:22.594Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:03:16.832Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:03:16.833Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-06-01T21:03:16.834Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:03:16.834Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-06-01T21:03:16.842Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-06-01T21:06:52.660Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:06:54.336Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:08:43.985Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T21:08:52.651Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:28:29.310Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T21:31:55.563Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T21:58:52.756Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T21:59:28.565Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-01T22:31:56.463Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T22:32:17.657Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    e 2020-06-01T22:32:22.760Z [14776:15020] - SSP request has expired, query: 000002B719B99640
    e 2020-06-01T22:32:32.358Z [14776:15020] - SSP request has expired, query: 000002B719B99640
    a 2020-06-01T22:35:34.052Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: www.msftconnecttest.com
    a 2020-06-01T22:35:41.923Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T22:35:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T22:36:35.684Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T22:36:52.850Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:09.619Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:13.536Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:15.040Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:48.629Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:51.526Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:05:54.214Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:26:52.976Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:31.023Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:32.949Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:27:42.903Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:29:24.157Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:29:24.710Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:53.373Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:56.376Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:30:58.844Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:00.984Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:02.498Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:03.879Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:05.360Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:07.171Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:09.686Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:12.281Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:14.592Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:32.842Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:37.187Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:31:57.581Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:24.200Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:38.158Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:40.794Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:44.001Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:32:45.439Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:33:01.744Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:33:27.959Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:13.468Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:27.198Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:34:33.081Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:05.645Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:09.997Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:12.510Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:35:21.051Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T23:36:38.965Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:36.010Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:39.320Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:42.495Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:57:57.677Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:00.477Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:04.673Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T10:58:25.603Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T11:06:16.718Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T11:06:24.098Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T11:09:43.625Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-02T11:11:29.398Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\dell backup and recovery\toaster.exe' accessed: www.dbrsupportportal.dellbackupandrecovery.com
    a 2020-06-02T12:01:55.469Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T12:04:27.915Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.godaddy.com
    a 2020-06-02T12:06:32.970Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-02T12:10:01.836Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-02T12:15:29.507Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T12:16:37.919Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-02T12:23:14.850Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:20.877Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:37.164Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:38.658Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:40.708Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:42.203Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:44.564Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-02T12:23:46.904Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
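A triage sketch for a log in this format, added here as an example; it is not part of the original posts and is not Sophos tooling. It tallies which process reached which destination, keeps the last reported policy and isolation state, and separates out error lines. Assumptions: the leading letter `e` marks an error line, the sample lines are constructed in the excerpt's format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the line format of the excerpt above:
# level letter, UTC timestamp, [pid:tid], message. Raw string keeps backslashes.
SAMPLE_LOG = r"""
a 2020-06-01T20:31:04.800Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
a 2020-06-01T20:33:52.530Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
a 2020-06-01T20:34:02.530Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
a 2020-06-01T20:54:14.489Z [14776:12500] - By policy and feature flags, IPS is disabled
a 2020-06-01T20:54:14.489Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
a 2020-06-01T20:54:14.491Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
e 2020-06-01T20:58:57.622Z [14776:15020] - SSP request has expired, query: 000002B719BE1480
-- truncated line without a header --
"""

LINE_RE = re.compile(
    r"^\s*(?P<level>[a-z]) (?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z) \[\d+:\d+\] - (?P<msg>.*)$"
)
# The quoted path may contain spaces ("ie tab", "program files (x86)").
ACCESS_RE = re.compile(r"^Process: '(?P<path>[^']+)' accessed: (?P<dest>\S+)$")


def _pairs(text):
    """Turn 'k1: v1, k2: v2' into {'k1': 'v1', 'k2': 'v2'}."""
    return dict(item.split(": ", 1) for item in text.split(", ") if ": " in item)


def summarize(log_text):
    """Classify every line; later policy/isolation lines overwrite earlier ones."""
    summary = {"access": Counter(), "policy": {}, "isolation": {},
               "errors": [], "other": 0, "unparsed": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:                      # wrapped or truncated line
            summary["unparsed"] += 1
            continue
        msg = m["msg"].rstrip()
        if m["level"] == "e":              # assumption: 'e' = error level
            summary["errors"].append((m["ts"], msg))
        elif (acc := ACCESS_RE.match(msg)):
            exe = acc["path"].rsplit("\\", 1)[-1]
            summary["access"][(exe, acc["dest"])] += 1
        elif msg.startswith("Updated policy, "):
            summary["policy"] = _pairs(msg[len("Updated policy, "):])
        elif msg.startswith("Recalculating isolation: "):
            summary["isolation"] = _pairs(msg[len("Recalculating isolation: "):])
        else:
            summary["other"] += 1
    return summary


def is_isolated(summary):
    """True if the last isolation line reported self or admin isolation."""
    return any(v == "True" for v in summary["isolation"].values())


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (exe, dest), n in s["access"].most_common():
        print(f"{n:4d}  {exe} -> {dest}")
    print("policy:", s["policy"])
    print("isolated:", is_isolated(s), "| errors:", s["errors"])
```
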
    

  • Hi  

    Unfortunately, there are no such errors/information from which we can derive what exactly is blocking. However, on the Central dashboard or under event logs, do you see any errors/information related to this issue? Some internal websites based on web applications (or other web technologies) will perform loop-back connections. Are there any exclusions added under the policy? Wireshark logs would be more helpful in this scenario.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • No warning or error really appears, neither in the central sophos nor in any type of log; the internet simply stops. I did tests by opening the cmd and pinging
    several sites, and as soon as I connect to the vpn, less than 1 minute later the internet stops working and ping no longer works for any type of site. As it was
    already detected that it is the ntp that makes this block, I would like help to create some policy in the central sophos to exclude from the scan only the
    connection with the public ip of the office. Is this possible? I've been studying this, but I haven't been able to succeed. Can you help me?






  • Hello Martorelli,

    In your Firewall Rule for the client that is using SSL VPN as full tunnel, could you please select GREEN under Synchronized security Minimum source HB permitted.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Good morning Jasmine.

     Today I made some attempts, the logs I am sending you were generated after the attempts.

     

    1004.SntpService.log