This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to avoid risky download exe warning on specific website in Sophos Central Endpoint Protection

Using Sophos Central Endpoint Protection I have configured Policies > Web Control > Additional Security Options > Block Risky Downloads > Risky Filetypes > Windows Executable as "Warn" in order to make users think twice before downloading executable files.

I am now trying to implement an exception for a specific website/url where I actively want users to be able to download an exe without a warning (plus the warning is not displaying properly anyway due to framing on that webpage?)

I have tried setting a custom control for the specific website by Global Settings > Website Management and adding the website domain, selecting category as Download (?) and a creating a custom tag, and then going back to Policies > Web Control > Control Sites Tagging in Web Management to set the custom tag as Allowed.

However after applying the updated Web Control policy the print client exe is still triggering a warning.

How can I implement an exception to my Risky Filetypes Executable Warning policy?

Paul

This thread was automatically locked due to age.

Parents

0 Casey Moore over 5 years ago

So its been nearly 10 months since this question was asked, did any resolution come of it?

This would be really nice, cause warning my users about ever document they pull off the company intranet is just making it to where they are ignoring the message all together.

Which is not what I want.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Casey Moore over 5 years ago

So its been nearly 10 months since this question was asked, did any resolution come of it?

This would be really nice, cause warning my users about ever document they pull off the company intranet is just making it to where they are ignoring the message all together.

Which is not what I want.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Barb@Sophos over 5 years ago in reply to Casey Moore

Hello Casey Moore,

Could you please provide more information regarding your Central settings for the Web Control policy?
Also, can you please provide some examples of what is being affected?

Here's some documentation that might help:

ConfigureWebControl

How to exempt a website

Regards,

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Casey Moore over 5 years ago in reply to Barb@Sophos

Hi Barb,

Currently I am using a web control policy configured with the Additional Security Options, to block/warn for exe,msi,and pdfs.

However despite specifying a tagged website within the policy as "allow" documents accessed from the site are still blocked/warned.

The Additional Security Options appear to be separate from the Web tagging.

Edit: Also after some testing the first web control policy a user hits that has the Additional Security Options configured is the settings that apply to a user.

regardless of what sites are configured in website management. Essentially that setting does not "Waterfall"
Cancel
Vote Up 0 Vote Down

Cancel
0 Gowtham Mani over 5 years ago in reply to Casey Moore

Hi Casey Moore,

If possible, Can you please PM the site and the files that you are trying to access from the website? We would try recreating it in my lab environment and see what exactly is happening here.

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alguth Gogekl over 5 years ago in reply to Gowtham Mani

Hello!

Was there any solution for this?

We are looking at the exact same situation - our users are warned when downloading content from the Intranet... (e.g. finished exes from the build server)

Thank you!
Cancel
Vote Up 0 Vote Down

Cancel
0 Paul Warren over 5 years ago in reply to Alguth Gogekl

I moved my deployment website to https which is not checked/blocked.

Paul
Cancel
Vote Up 0 Vote Down

Cancel
0 Alguth Gogekl over 5 years ago in reply to Paul Warren

Thank's Paul!

We'll do the same then and report back. But anyhow - this is not a real solution @Sophos!
Would be nice to add a exception list inside the policy...
Cancel
Vote Up 0 Vote Down

Cancel
+2 jak over 5 years ago in reply to Alguth Gogekl

You can exclude the server by IP and it will not block/warn or anything which seems OK at least for Intranet sites.

https://central.sophos.com/manage/config/settings/scanning-exclusions
Add the IP as a website.

You can also make the exclusion in a threat protection policy rather than globally if needed.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel
0 Paul Warren over 5 years ago in reply to jak

Thanks Jak - that seems to work. (Just over a year to get a working answer!)

Paul
Cancel
Vote Up 0 Vote Down

Cancel
0 Casey Moore over 5 years ago in reply to jak

THANK YOU!!!!

It was one of the first things I tried but I did it by hostname, which didn't work.
Cancel
Vote Up 0 Vote Down

Cancel