This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web protection is no longer functional. The filtering driver has been bypassed or unloaded [0xa058000c] Windows 10 1703

I have an open ticket with Sophos about this issue popping up on about 17 machines that were just recently updated to Windows 10 1703 from Windows 10 1607. Tried the following KB 114350 with Zero luck in getting this resolved. I have tried Uninstalling and Reinstalling both manually on the console, and through the "Protect Computers" option within the Enterprise Console.  Even created a Group with the recommended policies as suggested within the KB article with no luck on that either. going to http://sophostest.com/malware/index.html to test and verify the machines are protected results in the website not being blocked. Looking for any ideas that might help resolve this issue once in for all. 

 

Thank you,

 

Jamie



This thread was automatically locked due to age.
  • The new update did not thing to fix this issue.

    10.7.6.128 is deployed to 99.9% of all of our endpoints.

    Why this even generates an error is confusing as we are not using the Web Controls.  The default policy for it is not enabled.

    Can anyone validate that this web protection error is tied to the Web controls and doesn't put the endpoints a risk?

     

    I have just decided to check the SEC regularly select all of the errors and Acknowledge.

  • The functionality the check is testing implements the following features:

    • Web Protection
      • Content Scanning  (F1)
      • Malicious website lookups  (F2)
    • Web Control (F3)

    Not the exact names of the features but these are the 3 features (F1, F2, F3) that utilise the functionality being checked.

    Note: by default content scanning is set to mirror on-access, i.e. if on-access scanning is enabled so is Content scanning but you can turn it off.

    It's only when the last one of the 3 features above are disabled does the component not check. 

    On Windows 7 and 2008R2, you will need to reboot once disabled all features for the features to be totally disabled.

    The Web Protection features are key security features, Web control on the other hand is just that, more to control users browsing.

    Regards,

    Jak

  • So that means with the on going Web protection is no longer functional errors the end-points are being put at risk.

    Has any one had any success at getting this error resolved or are you having the same random end pint affected like I am.

  • Well on the Windows 10 platform, I believe the check runs 5 mins after startup and then every hour.  The executables that perform the check (swi_lspdiag_64.exe and swi_lspdiag.exe) are launched from the swi_service.  This is detailed in the first activity of the thread.

    I think it's a case of the checks can work, work, work, fail, work but I don't think the final work clears the previous fail message.

    You can test if web protection/control is working at any time by going to:
    http://www.sophostest.com/

    For example: http://www.sophostest.com/malware will test malicious website lookups.

    http://www.sophostest.com/eicar will test content downloads.

    http://www.sophostest.com/adult will test web control if you're blocking/warning on the Adult category.

    Regards,

    Jak