SSP.exe creating lots of traffic

Question

We have been investigating issues with our firewalls and one thing I noticed is i have been seeing hundred and hundred of hits from ssp.exe to our firewall 
 
 Client base is over 500! 
 These seem to be amazon IP Address, why is it talkign too these and what is ssp.exe?

GaryStarkweather · Answer

We have hundreds of servers on our network so rather than modify hundreds of host files, we added these two zones/addresses to our internal DNS. Now these addresses get blackholed to the 127.0.0.X address range and our firewall drops went from >5000/minute down to ~15/minute. This is a real problem that Sophos needs to address ASAP. Our firewall was being stressed by these excessive drops not to mention the disk space these firewall logs were taking up! 
 We do not allow our servers access to the Internet not even via our proxy so this SSP issue needs to be resolved. We have tried turning off SSP but it appears to restart itself.

Aditya Patel · Answer

HI ALL , 
 Our servers is located in AmazonAWS as we are using their services, We would need to Bypass Authentication for same for these URLs , as for Proxy settings you may follow the Steps below to pick up from IE. 
 
 Follow the instructions in the Microsoft article Change proxy server settings in Internet Explorer . If you cannot access Internet Explorer:

Click Start , type Control Panel in the search field and then click Control Panel .

The Control Panel window appears. Click Network and Internet and then click Internet Options . If you are using XP or lower, click Network and Internet Connections and then click Internet Options .

In Change proxy server settings in Internet Explorer , begin from step 3 and follow the instructions.

Click Start and type Command Prompt in the search field. Right-click Command Prompt and then click Run as administrator .

In Command Prompt , type netsh winhttp import proxy source =ie and then press Enter.

Click Start and type services.msc in the search field. Right-click services.msc and then click Run as administrator .

In Services , click Sophos AutoUpdate and t hen click Restart . Repeat this action for Sophos MCS Agent , Sophos MCS Client , and Sophos System Protection . 
 
 You may refer the KB article 119263 for additional information, When the SSP failed to connect it would retry for every 30 seconds . Also Enable Verbose logining and Private message me if you still face the issue and if needed raise a Service request . If you have already raised the service request , Kindly private message me the Service Request . 
 Thanks and Regards 
 Aditya Patel