Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 53562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Excessive DNS lookups from sophosxl.net

Infusionsoft

I noticed on my DNS server that sophos does a lot of lookups to subdomains on sophosxl.net
We use OpenDNS for our employees, and we were getting to our limit because of this.  I have since moved the querys to googleDNS, but would like some more info on why sophos does so many lookups to these domains.  Is it a reverse DNS lookup to check websites?

1     *.ip.00.s.sophosxl.net  Actions      293,593
2     *.ip.01.s.sophosxl.net  Actions      196,023
3     *.ip.02.s.sophosxl.net  Actions      195,297
                                                          Total 684,913 in one week

:11957


This thread was automatically locked due to age.
  • +2

    These lookups are part of the Sophos Web protection feature. When Block access to malicious websites is enabled Sophos uses these queries to determine whether the site you want to access is known to host malware.

    Similar lookups are used for Live Protection and the associated optional sending of samples. 

    Christian

    :11973
  • 0

    I just came across the same issue SEC 5.1 with 10.2 Clients, we have around 100000 requests to

    http://http.**.s.sophosxl.net and turning off Live protection and / or web-control does NOT fix this issue.

    We have our own List of "Blocked" Websites so we dont want this behaviour and cant seem to get rid of these "online checks".

    :39701
Unfiltered HTML