This discussion has been locked.

Sophos endpoint blocking internet traffic via ssl vpn, with gateway enabled.

Good morning folks.
  

I have a Sophos XG 135 firewall, and endpoint anti-virus also from Sophos. We are all working from home, via SSL VPN with the client installed on all computers.
There was a need for a user to access a third-party system with our public IP while being at home, so I created a specific rule on the firewall and a group on the VPN to
use our public IP as a gateway. So far everything is perfect: everything works, and on any computer it works with any antivirus. But when I install the Sophos
endpoint antivirus, all internet traffic stops and only the network continues. I already tried disabling all policies on the endpoint for 4 hours, but I still have access
to the internet blocked. I tried everything, including searches in the forums, and I didn't get anything. I would like help to solve this problem.
Thank you


  • Hello  

    Can you please try stopping any of the Sophos Endpoint services, for example the Sophos Web Intelligence service, to see if any of these are causing the issue? You did say that you have turned off all of the policies and the issue persists. Please note that Tamper Protection would need to be disabled as well prior to stopping services.

    Let us know what may be the offending service. Thanks!

  • Hello DianneY.

    First of all, thank you very much for your help. I stopped all services of the Sophos endpoint, and disabled Tamper Protection as well, and I was unsuccessful.




  • Hello DianneY.

    That's right: even after disabling all the options on this screen, I still can't connect to the Internet. I disabled all of the services in services.msc
    and still cannot browse the internet.



  • Hello  

    The Sophos Endpoint Defense Service is still running. 

    Perhaps do the steps in this KB (while in Safe Mode) and see if you're able to stop all of the services? Once all of the services have been turned off, see if you can browse?

    When you turned off all of the Features in the UI it effectively has turned off Sophos Endpoint. 

    Ultimately if you're still unable to browse the internet with all services turned off, maybe you can try uninstalling Sophos Endpoint and see if the issue is still there?

    If uninstalling seems to keep the issue from occurring, or if one of the services appears to cause the issue, further investigation is needed at that point. Please raise a support case and DM me your ticket number so we can follow the progress on the ticket.

  • Hi DianneY.

    I decided to do the installation from scratch: I disabled Tamper Protection in the control panel, uninstalled the Sophos endpoint, and excluded all the
    Sophos folders, leaving only the SSL VPN folder. I searched the entire computer and had nothing else of the endpoint. I connected to the VPN and it worked
    perfectly the way I wanted without any problem; I was able to browse. I restarted the computer, installed the Sophos endpoint, and restarted the computer again.
    When it came back, a warning appeared in its status and in services.msc, saying that some service was not working. I connected to the VPN and it was working the way
    I wanted, with the public IP of the office. I verified that the service SOPHOS NETWORK THREAT PROTECTION was disabled; as soon as I enabled it, the internet
    stopped working over the VPN. In other words, the service that blocks browsing is precisely SOPHOS NETWORK THREAT PROTECTION, but I cannot leave this security
    breach. How do I enable this service and still be able to use it with the other public IP? Can you help me with this? Thank you.




  • Hi  

    Sure, we'll help on this.

    Would you please check the user temp folder (%temp%) and confirm if you are able to see the Network Threat Protection installation logs? If not, please check the folder C:\Windows\temp.

    We need to check the installation logs of the NTP to know the exact error because of which it is failing.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hello Jasmin.
    Thanks in advance for your help.
    My biggest problem is that when NTP is activated my internet browsing stops. I'm using the office IP as a gateway, and I'm at home. If I use an SSL VPN without the
    office gateway it works, but I need to use the office public IP and not my home one, and it only works if I disable NTP. I found the file: Sophos Network Threat Protection Install Log 20200530 111006.txt. How do I send it?
  • Hi  

    You can search for the error message under the MSI logs and then paste it over here or you can either PM me or Jasmin the log file to check the error. Also, I would suggest you have a look at this link which refers to different scenarios of "Service not starting" for Sophos Endpoint. You can specifically refer to Network threat protection service not starting as mentioned in the article and see if it helps.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hello Shweta.
    My problem is not the service that does not start; this was resolved very quickly. My problem is my internet, which is blocked when using another public IP over SSL VPN,
    and it only works by disabling this service. Enabling and disabling is easy; I need to know how to solve the internet blocking problem.
  • We have two SSL VPN connections:

    The 1st SSL VPN is to connect to the folders on the server, and the public IP is that of the employee's home. It works on any computer with any anti-virus; nothing is blocked,
    everything works perfectly.

    The 2nd SSL VPN is for the employee to connect to the folders on the server and use the public IP of the office and not the IP of his home. With this one, after
    connecting, the internet is blocked. On any computer with any antivirus other than the Sophos endpoint it works. On a computer with the Sophos endpoint the internet
    is blocked, and it only works if I stop the service SOPHOS NETWORK THREAT PROTECTION. However, I need to find out how to get around this problem; I cannot leave this
    service disabled. I can enable this service easily; the problem is that if I enable it, the internet doesn't work.

    The internet is blocked only by the Sophos endpoint anti-virus, specifically the service SOPHOS NETWORK THREAT PROTECTION. This problem does not occur with
    any other anti-virus.

  • Hello  

    What is the status of this machine in Sophos Central? Does this machine have a Red status? I ask because the machine may be in "Red" health and "Allow computers to isolate themselves on red health" is enabled in your Threat Protection policy too.

  • Hi  

    Would you please provide the Sntpservice.log file from the path "C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs"?

    So, we can check if anything is getting logged which is blocking the internet.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Good morning Jasmin.
    Attached are the logs.

    a 2020-05-30T14:10:27.631Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.632Z [5176:7276] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:10:27.632Z [5176:7276] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:10:27.634Z [5176:5952] - On service start
    a 2020-05-30T14:10:27.634Z [5176:5952] - Process application information: Available
    a 2020-05-30T14:10:27.822Z [5176:5952] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.829Z [5176:12508] - Updated policy, MTD overall: Disabled, C2 detections: Disabled, connection tracking: Disabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.830Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.837Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.839Z [5176:5720] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:10:27.844Z [5176:7344] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:10:27.844Z [5176:7344] - Recalculating isolation: Self isolated: False, Admin isolated: False
    e 2020-05-30T14:10:29.443Z [5176:12508] - Failed to read policy : Cannot load policy - Policy string is empty
    a 2020-05-30T14:11:17.904Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.904Z [5176:12508] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:11:17.906Z [5176:12508] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:11:17.913Z [5176:12508] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:12:21.127Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop software updater\ssuservice.exe' accessed: sn.splashtop.com
    a 2020-05-30T14:12:56.640Z [5176: 380] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    e 2020-05-30T14:12:56.773Z [5176:8420] - SAVService is not running
    a 2020-05-30T14:12:58.092Z [5176:5952] - On service stop
    a 2020-05-30T14:12:58.209Z [5176:7276] - The service has stopped.
    a 2020-05-30T14:37:11.615Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.633Z [2608:6652] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T14:37:11.633Z [2608:6652] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T14:37:11.635Z [2608:15116] - On service start
    a 2020-05-30T14:37:11.636Z [2608:15116] - Process application information: Available
    a 2020-05-30T14:37:12.130Z [2608:15116] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.153Z [2608:11848] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.155Z [2608:11848] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:12.162Z [2608:11848] - By policy and feature flags, IPS is disabled
    a 2020-05-30T14:37:12.168Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:23.207Z [2608:13960] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T14:37:32.452Z [2608:15116] - On service stop
    a 2020-05-30T14:37:32.572Z [2608:6652] - The service has stopped.
    a 2020-05-30T15:37:58.732Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.732Z [14776:13864] - Starting version 1.9.2235.0 of the Sophos Network Threat Protection service.
    a 2020-05-30T15:37:58.733Z [14776:13864] - ----------------------------------------------------------------------------------------------------
    a 2020-05-30T15:37:58.737Z [14776:14436] - On service start
    a 2020-05-30T15:37:58.737Z [14776:14436] - Process application information: Available
    a 2020-05-30T15:37:58.911Z [14776:14436] - Feature flag 'ips.available' is not enabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.934Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:37:58.936Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:37:58.942Z [14776:12500] - By policy and feature flags, IPS is disabled
    a 2020-05-30T15:38:02.160Z [14776:6844] - Recalculating isolation: Self isolated: False, Admin isolated: False
    a 2020-05-30T15:46:52.853Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-05-30T15:47:06.895Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T16:06:38.586Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:06:52.852Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T16:29:36.443Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-05-30T16:37:07.014Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-05-30T17:13:52.841Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-05-30T17:15:48.992Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:45:58.309Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:45:58.748Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:46:00.207Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: csc3-2010-crl.verisign.com
    a 2020-06-01T11:46:04.287Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:05.405Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:07.032Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:08.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:46:16.495Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:17.396Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:46:18.273Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:49:43.070Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:50:30.598Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:51:34.722Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
    a 2020-06-01T11:51:57.061Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: s1.symcb.com
    a 2020-06-01T11:51:57.386Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl.verisign.com
    a 2020-06-01T11:51:57.608Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:51:57.763Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T11:51:58.064Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl4.digicert.com
    a 2020-06-01T11:51:58.619Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T11:52:16.234Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:16.304Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:22.474Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\backgroundtaskhost.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:52:40.580Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:40.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:52:42.174Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com
    a 2020-06-01T11:52:42.218Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: officecdn.microsoft.com.edgesuite.net
    a 2020-06-01T11:53:18.727Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:53:29.373Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.comodoca.com
    a 2020-06-01T11:53:29.706Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.usertrust.com
    a 2020-06-01T11:53:30.202Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.sectigo.com
    a 2020-06-01T11:53:48.880Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:54:11.058Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.godaddy.com
    a 2020-06-01T11:56:43.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: crl3.digicert.com
    a 2020-06-01T11:57:21.489Z [14776:13612] - Process: '\device\harddiskvolume5\program files\diebold\warsaw\core.exe' accessed: ocsp.globalsign.com
    a 2020-06-01T11:58:11.119Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.verisign.com
    a 2020-06-01T11:58:39.325Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\common files\java\java update\jusched.exe' accessed: ocsp.digicert.com
    a 2020-06-01T11:58:49.227Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\dell backup and recovery\toaster.exe' accessed: www.dbrsupportportal.dellbackupandrecovery.com
    a 2020-06-01T11:59:31.379Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: storage.googleapis.com
    a 2020-06-01T12:01:23.601Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:23.786Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:26.527Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 11.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.455Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.596Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:27.600Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:30.146Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.165Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.284Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:01:41.794Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\olicenseheartbeat.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:29.498Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\compattelrunner.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:02:42.835Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: sv.symcb.com
    a 2020-06-01T12:03:21.715Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:03:21.823Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: 2.tlu.dl.delivery.mp.microsoft.com
    a 2020-06-01T12:10:05.660Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\scpbrad\scpbradserv.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:12:11.708Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe' accessed: acroipm2.adobe.com
    a 2020-06-01T12:45:23.344Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\firefox 41\pingsender.exe' accessed: ocsp.digicert.com
    a 2020-06-01T12:46:53.936Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T12:58:21.010Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:46:54.336Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T13:47:10.965Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ocsp.verisign.com
    a 2020-06-01T13:47:17.211Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s2.symcb.com
    a 2020-06-01T13:47:17.679Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: s.symcd.com
    a 2020-06-01T13:47:18.083Z [14776:13612] - Process: '\device\harddiskvolume5\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe' accessed: ts-ocsp.ws.symantec.com
    a 2020-06-01T13:52:02.353Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:52:02.354Z [14776:14724] - Feature flag 'ips.available' is not enabled
    a 2020-06-01T13:58:22.185Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
    a 2020-06-01T14:34:23.442Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:34:26.317Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:06.113Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:11.368Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:13.334Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:18.263Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:20.480Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:23.166Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:45.746Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:35:50.587Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:43:51.457Z [14776:13612] - Process: '\device\harddiskvolume5\users\erf\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
    a 2020-06-01T14:48:46.423Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:46.796Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: dmd.metaservices.microsoft.com
    a 2020-06-01T14:48:47.130Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:47.696Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.113Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:48.747Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:49.637Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.040Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:50.643Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.156Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:51.598Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.014Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.447Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:52.939Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.543Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:53.946Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.360Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:54.766Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.258Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com
    a 2020-06-01T14:48:55.662Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: go.microsoft.com

  • Hi  

    Unfortunately, there are no such errors/information from which we can derive what exactly is blocking. However, on the Central dashboard or under event logs do you see any errors/information related to this issue? Some internal websites based on web applications (or other web technologies) will perform loop-back connections. Are there any exclusions added under the policy? Wireshark logs would be more helpful in this scenario.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
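
Triage of a log like the SntpService.log posted in this thread is easier once the repeated connection records are collapsed and everything else is listed separately. The following Python sketch is an added example (not part of the thread and not Sophos code); it assumes the line layout seen in the excerpt, treats any leading flag other than `a` as worth listing, and runs on constructed sample lines.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the layout of the SntpService.log posted in this thread.
SAMPLE_LOG = r"""
a 2020-06-01T20:33:52.530Z [14776:13612] - Process: '\device\harddiskvolume5\users\user\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
a 2020-06-01T20:54:14.489Z [14776:12500] - By policy and feature flags, IPS is disabled
a 2020-06-01T20:54:14.489Z [14776:12500] - Updated policy, MTD overall: Enabled, C2 detections: Enabled, connection tracking: Enabled, self isolation: Disabled, ips: Disabled
a 2020-06-01T20:54:14.491Z [14776:12500] - Recalculating isolation: Self isolated: False, Admin isolated: False
a 2020-06-01T20:58:38.995Z [14776:13612] - Process: '\device\harddiskvolume5\program files (x86)\splashtop\splashtop remote\server\srmanager.exe' accessed: st2-v3-dc.splashtop.com
a 2020-06-01T20:58:52.598Z [14776:13612] - Process: '\device\harddiskvolume5\users\user\appdata\local\ie tab\13.4.8.1\ietabhelper.exe' accessed: 192.168.0.115
e 2020-06-01T20:58:57.622Z [14776:15020] - SSP request has expired, query: 000002B719BE1480
a 2020-06-01T21:28:29.310Z [14776:13612] - Process: '\device\harddiskvolume5\windows\system32\svchost.exe' accessed: ctldl.windowsupdate.com
"""

# <flag> <UTC timestamp> [<pid>:<tid>] - <message>
LINE_RE = re.compile(
    r"^\s*(?P<level>[a-z])\s+(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{1,6})Z\s+"
    r"\[(?P<pid>\d+):(?P<tid>\d+)\]\s+-\s+(?P<msg>.*)$"
)
ACCESS_RE = re.compile(r"^Process: '(?P<path>.+)' accessed: (?P<dest>\S+)$")
SETTING_PREFIXES = ("Updated policy, ", "Recalculating isolation: ")


def parse_line(line):
    """Return the fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%f")
    return rec


def parse_settings(msg):
    """Turn 'Updated policy, k: v, ...' style messages into a dict, else None."""
    for prefix in SETTING_PREFIXES:
        if msg.startswith(prefix):
            items = msg[len(prefix):].split(", ")
            pairs = (item.split(": ", 1) for item in items if ": " in item)
            return {k.strip(): v.strip() for k, v in pairs}
    return None


def summarise(text):
    """Collapse connection records and separate out state changes and flagged lines."""
    summary = {"access": Counter(), "last_seen": {}, "settings": {},
               "non_info": [], "other": Counter(), "unparsed": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            summary["unparsed"] += 1
            continue
        msg = rec["msg"].strip()
        if rec["level"] != "a":  # assumption: 'a' is the routine flag
            summary["non_info"].append((rec["ts"], rec["level"], msg))
            continue
        access = ACCESS_RE.match(msg)
        if access:
            key = (access["path"].rsplit("\\", 1)[-1], access["dest"])
            summary["access"][key] += 1
            previous = summary["last_seen"].get(key, rec["ts"])
            summary["last_seen"][key] = max(previous, rec["ts"])
            continue
        settings = parse_settings(msg)
        if settings is not None:
            summary["settings"].update(settings)  # later lines override earlier ones
        else:
            summary["other"][msg] += 1
    return summary


def report(summary):
    """Render the summary as text for pasting into a support ticket."""
    out = ["Connections (count, last seen, process -> destination):"]
    for (exe, dest), count in summary["access"].most_common():
        seen = summary["last_seen"][(exe, dest)].isoformat(timespec="seconds")
        out.append(f"  {count:5d}  {seen}  {exe} -> {dest}")
    out.append("Latest reported settings:")
    out += [f"  {k} = {v}" for k, v in summary["settings"].items()]
    out.append("Lines with a flag other than 'a':")
    out += [f"  {ts.isoformat()} [{lvl}] {msg}" for ts, lvl, msg in summary["non_info"]]
    out.append(f"Unparsed lines: {summary['unparsed']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG)))
```

The `last_seen` column can be compared against the moment the VPN was connected to see which processes were still being recorded after connectivity dropped.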
  • No warning or error really appears, neither in the central sophos nor in any type of log, the internet simply stops. I did tests by opening the cmd and pinging
    several sites, and as soon as I connect to the VPN, less than 1 minute later the internet stops working, and no ping works anymore for any type of site. As it was
    already detected that it is the ntp that makes this block, I would like help to create some policy in the central sophos, to exclude from the scan only the
    connection with the public IP of the office. Is this possible? I've been studying this, but I haven't been able to succeed. Can you help me?

  • Hello Martorelli,

    In your Firewall Rule for the client that is using SSL VPN as full tunnel, could you please select GREEN under Synchronized security Minimum source HB permitted.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Good morning Jasmine.

     Today I made some attempts, the logs I am sending you were generated after the attempts.

     

    1004.SntpService.log

  • Hi  

    This would require in-depth troubleshooting along with Wireshark logs, as the logs provided do not provide any specific error with NTP causing the issue.

    Shweta

    Community Support Engineer | Sophos Technical Support