Hi,
The last couple of days we have seen a large amount of activity on our firewall with all our endpoints attempting to create a direct connection to a variety of Amazon-hosted IP addresses on port 443. As we have no direct access to the internet from our client devices (all internet traffic goes through our proxy), the firewall is blocking all these requests. I have found out that the traffic is being generated by ssp.exe, I am assuming as part of the Sophos Live Protection. It looks like ssp.exe is not using the proxy settings.
I've checked the value of HKLM\SOFTWARE\Sophos\SavService\SophosPoxy\SophosProxy and it looks the same as the user proxy that is pushed out via GPO.
I've checked the logs of the proxy server and there are no attempted connections that correspond with the timing of ssp.exe connection attempts.
This has only started in the last couple of days, so has something changed? Is there a way to configure ssp.exe to use the proxy server for its internet access?
I would like to get this sorted, as presumably whilst it's not using the proxy the live protection is not working correctly.
Thanks