
Sophos seems to block LSI Storage Authority web interface

It seems that Sophos Endpoint somehow blocks the correct function of the LSI Storage Authority web interface. It's management software for managing RAID controllers. The web interface page is displayed completely blank. On computers that are not running Sophos, the website is displayed correctly. This happens on the server that is running the web server of the software and on clients too.

https://techdocs.broadcom.com/us/en/storage-and-ethernet-connectivity/enterprise-storage-solutions/lsa-lsi-storage-authority-software/2-7/LSA_help_overview.html



  • Hi  ,

    Thank you for reaching out to the Sophos Community forum.

    I ran this URL on our Intelix Tool, and it's correctly categorized. On the Endpoint or on Central, do you see any detections or events related to this? Most likely, you would need to set up an exclusion. Please share more details of the detection so we can further advise. If you can share screenshots of the detection, that would also help.

    Thank you.

    Gladys Reyes
    Global Community Support Engineer
  • Which URL have you checked? The URL I've posted is for information purposes only. I don't think the URL of the LSI Storage Authority can be checked by that tool because it's on the intranet.

  • I've maybe found something interesting in the SophosNetFilter.log. Here are the lines from accessing the website in Microsoft Edge directly on the server that is running the application.

    2024-01-03T13:37:48.372Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2176824
    2024-01-03T13:37:48.373Z [13216:18120] I [check-ip] connection:0x21f52c051d0 ip:::1 flowId:2176824 decision:continue
    2024-01-03T13:37:48.373Z [13216:18120] I [request] connection: 0x21f52c051d0 url:http://localhost/ ip:::1 flowId:2176824 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.486Z [13216:18204] I [webengine] New connection 0x21f52c141f0
    2024-01-03T13:37:48.486Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2044058
    2024-01-03T13:37:48.486Z [13216:18204] I [webengine] New connection 0x21f52c127f0
    2024-01-03T13:37:48.486Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2044122
    2024-01-03T13:37:48.486Z [13216:18204] I [webengine] New connection 0x21f52c12610
    2024-01-03T13:37:48.487Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2044186
    2024-01-03T13:37:48.487Z [13216:18204] I [webengine] New connection 0x21f51b87300
    2024-01-03T13:37:48.487Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2044250
    2024-01-03T13:37:48.488Z [13216:18120] I [clienthello] connection:0x21f52c141f0 sni:edge.microsoft.com ip:204.79.197.239 flowId:2044058 decision:offload source:sxl4_cache
    2024-01-03T13:37:48.488Z [13216:18120] I [clienthello] connection:0x21f52c127f0 sni:edge-mobile-static.azureedge.net ip:13.107.246.67 flowId:2044122 decision:offload source:sxl4_cache
    2024-01-03T13:37:48.488Z [13216:18200] I Completing offload for flowId 2044058
    2024-01-03T13:37:48.488Z [13216:18200] I [webengine] Closing connection 0x21f52c141f0 for 'edge.microsoft.com': request=570B, response=0B, lifetime=2ms, businessLogicDelay=0ms, timeInCache=0ms
    2024-01-03T13:37:48.488Z [13216:18120] I [clienthello] connection:0x21f52c12610 sni:business.bing.com ip:13.107.6.158 flowId:2044186 decision:offload source:sxl4_cache
    2024-01-03T13:37:48.488Z [13216:18200] I Completing offload for flowId 2044122
    2024-01-03T13:37:48.489Z [13216:18200] I [webengine] Closing connection 0x21f52c127f0 for 'edge-mobile-static.azureedge.net': request=584B, response=0B, lifetime=2ms, businessLogicDelay=0ms, timeInCache=0ms
    2024-01-03T13:37:48.489Z [13216:18120] I [clienthello] connection:0x21f51b87300 sni:business.bing.com ip:13.107.6.158 flowId:2044250 decision:offload source:sxl4_cache
    2024-01-03T13:37:48.489Z [13216:18200] I Completing offload for flowId 2044186
    2024-01-03T13:37:48.489Z [13216:18200] I [webengine] Closing connection 0x21f52c12610 for 'business.bing.com': request=517B, response=0B, lifetime=2ms, businessLogicDelay=0ms, timeInCache=0ms
    2024-01-03T13:37:48.489Z [13216:18200] I Completing offload for flowId 2044250
    2024-01-03T13:37:48.489Z [13216:18200] I [webengine] Closing connection 0x21f51b87300 for 'business.bing.com': request=569B, response=0B, lifetime=2ms, businessLogicDelay=0ms, timeInCache=0ms
    2024-01-03T13:37:48.542Z [13216:18120] I [scan] connection:0x21f52c051d0 url:http://localhost/ flowId:2176824 decision:allowed
    2024-01-03T13:37:48.580Z [13216:18120] I [request] connection: 0x21f52c051d0 url:http://localhost/ui/remoteserver/index.html ip:::1 flowId:2176824 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.590Z [13216:18120] I [scan] connection:0x21f52c051d0 url:http://localhost/ui/remoteserver/index.html flowId:2176824 decision:allowed
    2024-01-03T13:37:48.600Z [13216:18120] I [request] connection: 0x21f52c051d0 url:http://localhost/ui/remoteserver/remoteserver/remoteserver.nocache.js ip:::1 flowId:2176824 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.601Z [13216:18204] I [webengine] New connection 0x21f52c7fd90
    2024-01-03T13:37:48.601Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2043962
    2024-01-03T13:37:48.602Z [13216:18120] I [check-ip] connection:0x21f52c7fd90 ip:::1 flowId:2043962 decision:continue
    2024-01-03T13:37:48.602Z [13216:18120] I [request] connection: 0x21f52c7fd90 url:http://localhost/js/message_en.js ip:::1 flowId:2043962 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.603Z [13216:18204] I [webengine] New connection 0x21f52c80790
    2024-01-03T13:37:48.603Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2623729
    2024-01-03T13:37:48.603Z [13216:18204] I [webengine] New connection 0x21f52c7fdf0
    2024-01-03T13:37:48.604Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2623825
    2024-01-03T13:37:48.604Z [13216:18120] I [check-ip] connection:0x21f52c80790 ip:::1 flowId:2623729 decision:continue
    2024-01-03T13:37:48.604Z [13216:18204] I [webengine] New connection 0x21f52c79ad0
    2024-01-03T13:37:48.604Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2623921
    2024-01-03T13:37:48.605Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/ui/css/cssstyles.css ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.605Z [13216:18120] I [check-ip] connection:0x21f52c7fdf0 ip:::1 flowId:2623825 decision:continue
    2024-01-03T13:37:48.605Z [13216:18204] I [webengine] New connection 0x21f52c79710
    2024-01-03T13:37:48.605Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2624017
    2024-01-03T13:37:48.605Z [13216:34532] I [request] connection: 0x21f52c79ad0 url:http://localhost/js/message_es.js ip:::1 flowId:2623921 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.605Z [13216:18120] I [check-ip] connection:0x21f52c79ad0 ip:::1 flowId:2623921 decision:continue
    2024-01-03T13:37:48.606Z [13216:18120] I [request] connection: 0x21f52c80790 url:http://localhost/ui/css/gwt.css ip:::1 flowId:2623729 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.607Z [13216:18120] I [check-ip] connection:0x21f52c79710 ip:::1 flowId:2624017 decision:continue
    2024-01-03T13:37:48.607Z [13216:18120] I [request] connection: 0x21f52c79710 url:http://localhost/js/message_OEM.js ip:::1 flowId:2624017 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.612Z [13216:18120] I [scan] connection:0x21f52c051d0 url:http://localhost/ui/remoteserver/remoteserver/remoteserver.nocache.js flowId:2176824 decision:allowed
    2024-01-03T13:37:48.617Z [13216:18120] I [scan] connection:0x21f52c7fd90 url:http://localhost/js/message_en.js flowId:2043962 decision:allowed
    2024-01-03T13:37:48.622Z [13216:18120] I [scan] connection:0x21f52c79710 url:http://localhost/js/message_OEM.js flowId:2624017 decision:allowed
    2024-01-03T13:37:48.623Z [13216:18120] I [request] connection: 0x21f52c051d0 url:http://localhost/js/custom.js ip:::1 flowId:2176824 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.627Z [13216:18120] I [scan] connection:0x21f52c051d0 url:http://localhost/js/custom.js flowId:2176824 decision:allowed
    2024-01-03T13:37:48.701Z [13216:18204] I [webengine] New connection 0x21f52c05110
    2024-01-03T13:37:48.701Z [13216:18204] I Connection from '\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' with Spid: (19736,133487626677259145) and flowId:2076870
    2024-01-03T13:37:48.786Z [13216:18120] I [scan] connection:0x21f52c80790 url:http://localhost/ui/css/gwt.css flowId:2623729 decision:allowed
    2024-01-03T13:37:48.848Z [13216:18120] I [clienthello] connection:0x21f52c05110 sni:bzib.nelreports.net ip:2.22.242.11 flowId:2076870 decision:offload source:sxl4_lookup
    2024-01-03T13:37:48.848Z [13216:18200] I Completing offload for flowId 2076870
    2024-01-03T13:37:48.848Z [13216:18200] I [webengine] Closing connection 0x21f52c05110 for 'bzib.nelreports.net': request=603B, response=3859B, lifetime=146ms, firstResponse=21ms, businessLogicDelay=0ms, timeInCache=0ms, in=146ms, out=146ms
    2024-01-03T13:37:48.927Z [13216:18120] I [scan] connection:0x21f52c7fdf0 url:http://localhost/ui/css/cssstyles.css flowId:2623825 decision:allowed
    2024-01-03T13:37:48.932Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/ui/remoteserver/remoteserver/0F7B82D25BDCA2425122DA92B664D085.cache.js ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:48.981Z [13216:18120] I [scan] connection:0x21f52c7fdf0 url:http://localhost/ui/remoteserver/remoteserver/0F7B82D25BDCA2425122DA92B664D085.cache.js flowId:2623825 decision:allowed
    2024-01-03T13:37:49.072Z [13216:18120] I [scan] connection:0x21f52c79ad0 url:http://localhost/js/message_es.js flowId:2623921 decision:allowed
    2024-01-03T13:37:49.102Z [13216:18120] I [request] connection: 0x21f52c79ad0 url:http://localhost/ui/css/myriad-pro-n2.woff ip:::1 flowId:2623921 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:49.103Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/ui/images/arrow-up-green.png ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:49.110Z [13216:18120] I [scan] connection:0x21f52c7fdf0 url:http://localhost/ui/images/arrow-up-green.png flowId:2623825 decision:allowed
    2024-01-03T13:37:49.111Z [13216:18120] I [scan] connection:0x21f52c79ad0 url:http://localhost/ui/css/myriad-pro-n2.woff flowId:2623921 decision:allowed
    2024-01-03T13:37:49.296Z [13216:18120] I [request] connection: 0x21f52c79ad0 url:http://localhost/ui/images/logo.png ip:::1 flowId:2623921 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:49.301Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/favicon.ico ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:49.303Z [13216:18120] I [scan] connection:0x21f52c79ad0 url:http://localhost/ui/images/logo.png flowId:2623921 decision:allowed
    2024-01-03T13:37:49.308Z [13216:33224] I [scan] connection:0x21f52c7fdf0 url:http://localhost/favicon.ico flowId:2623825 decision:allowed
    2024-01-03T13:37:49.387Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/LSI/Storage/MR/API/1.0/ ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
    2024-01-03T13:37:49.391Z [13216:18204] E Response validation failed; an invalid message was sent to the client
    2024-01-03T13:37:49.393Z [13216:18200] I [webengine] Closing connection 0x21f52c7fdf0 for 'http://localhost/ui/css/cssstyles.css': request=3064B, response=1249457B, lifetime=789ms, firstResponse=4ms, businessLogicDelay=0ms, timeInCache=27ms, in=324ms, out=788ms, l.eos=788ms, r.eos=788ms
    2024-01-03T13:37:51.927Z [13216:18200] I [webengine] Closing connection 0x21f52c7fd90 for 'http://localhost/js/message_en.js': request=565B, response=133318B, lifetime=3326ms, firstResponse=3ms, businessLogicDelay=0ms, timeInCache=3ms, in=16ms, out=17ms, l.eos=3325ms, r.eos=3326ms
    2024-01-03T13:37:51.927Z [13216:18200] I [webengine] Closing connection 0x21f52c051d0 for 'http://localhost/': request=2522B, response=15936B, lifetime=3554ms, firstResponse=4ms, businessLogicDelay=0ms, timeInCache=4ms, in=169ms, out=255ms, l.eos=3554ms, r.eos=3554ms
    2024-01-03T13:37:51.927Z [13216:18200] I [webengine] Closing connection 0x21f52c79710 for 'http://localhost/js/message_OEM.js': request=566B, response=829B, lifetime=3322ms, firstResponse=6ms, businessLogicDelay=0ms, timeInCache=1ms, in=17ms, out=17ms, l.eos=3321ms, r.eos=3322ms
    2024-01-03T13:37:51.927Z [13216:18200] I [webengine] Closing connection 0x21f52c80790 for 'http://localhost/ui/css/gwt.css': request=577B, response=32829B, lifetime=3324ms, firstResponse=3ms, businessLogicDelay=0ms, timeInCache=1ms, in=194ms, out=194ms, l.eos=3323ms, r.eos=3324ms
    2024-01-03T13:37:51.928Z [13216:18200] I [webengine] Closing connection 0x21f52c79ad0 for 'http://localhost/js/message_es.js': request=1769B, response=99598B, lifetime=3323ms, firstResponse=4ms, businessLogicDelay=0ms, timeInCache=4ms, in=467ms, out=698ms, l.eos=3322ms, r.eos=3323ms
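
A small triage script for the log excerpt above, added here as an example (not part of the original post and not a Sophos tool): it finds `E` lines in SophosNetFilter.log text and pairs each with the nearest `[request]` line before it and the nearest `Closing connection` line after it. The error line carries no connection id, so pairing by a 50 ms time window is an assumption of this example; the sample lines are copied from the post.

```python
import re
from datetime import datetime, timedelta

# Sample input: three lines copied from the SophosNetFilter.log excerpt in the post above.
SAMPLE = """\
2024-01-03T13:37:49.387Z [13216:18120] I [request] connection: 0x21f52c7fdf0 url:http://localhost/LSI/Storage/MR/API/1.0/ ip:::1 flowId:2623825 decision:allowed riskLevel: universalCategory:
2024-01-03T13:37:49.391Z [13216:18204] E Response validation failed; an invalid message was sent to the client
2024-01-03T13:37:49.393Z [13216:18200] I [webengine] Closing connection 0x21f52c7fdf0 for 'http://localhost/ui/css/cssstyles.css': request=3064B, response=1249457B, lifetime=789ms, firstResponse=4ms, businessLogicDelay=0ms, timeInCache=27ms, in=324ms, out=788ms, l.eos=788ms, r.eos=788ms
"""

LINE = re.compile(r"^(\S+Z) \[\d+:\d+\] ([A-Z]) (.*)$")
REQUEST = re.compile(r"^\[request\] connection: ?(0x[0-9a-f]+) url:(\S+)")
CLOSE = re.compile(r"^\[webengine\] Closing connection (0x[0-9a-f]+) for ")

def parse(text):
    """Return (timestamp, level, message) for every well-formed log line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%fZ")
            events.append((ts, m.group(2), m.group(3)))
    return events

def nearest(events, origin, pattern, window):
    """Groups of the first event matching `pattern` within `window` of `origin`."""
    for ts, _, msg in events:
        if abs(ts - origin) > window:
            break  # events are time-ordered, so nothing further can qualify
        m = pattern.match(msg)
        if m:
            return m.groups()
    return None

def correlate_errors(text, window_ms=50):
    """Pair each E line with the request just before and the close just after it."""
    events, window = parse(text), timedelta(milliseconds=window_ms)
    findings = []
    for i, (ts, level, msg) in enumerate(events):
        if level != "E":
            continue
        req = nearest(reversed(events[:i]), ts, REQUEST, window)
        closed = nearest(events[i + 1:], ts, CLOSE, window)
        findings.append({"error": msg, "request_url": req[1] if req else None,
                         "same_connection": bool(req and closed and req[0] == closed[0])})
    return findings

if __name__ == "__main__":
    print(correlate_errors(SAMPLE))
```

On these lines the error falls 4 ms after the request to `/LSI/Storage/MR/API/1.0/` and 2 ms before that same connection is closed, which is the kind of detail worth attaching to an exclusion request or support case.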
    

  • You'll probably have to create some sort of exception -- given it's "localhost" that might be problematic.  I'd start a case with Sophos (a real one, at support.sophos.com).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hello, localhost seems not to be the problem; the website does not work on any other computers running Sophos. I will ask our organization to contact Sophos support.