Sophos Endpoint Web Control did not block blacklisted URL



we're trying to use Sophos Central for Enterprise Web Control feature but it seems did not work as intended

we tried to block Web Emails and tried typing the URL directly and hit enter, then it seems it blocked.

however if we access with valid ID then click MAIL icon, it didn't block the URL.


from here, i can refresh the page without problem even when Sophos Endpoint Events shows "" was blocked for my users

i tried to disable cache, but i can still refresh the page normally


anyone can provide advise how to fix this?

Thank You


  • Hello Sophos User1929,

    first of all, I don't have a solution.

    I could reproduce this (not with Central but with SESC though this shouldn't make a difference). What seems to happen is the following: resolves to the same addresses as that serves the various images on the Yahoo pages. The browser leaves the connection open a reuses it for the request to As Web Control can't inspect the HTTPS stream it can't detect that the request goes to a blocked URL.
    I tested my assumption by idling on the page until netstat showed that the connection to s.yimg,com/ and subsequently I get the expected Secure connection failed (or your browser's equivalent) when clicking on the icon.

    Might be a deliberate and clever move by Yahoo 


  • In reply to QC:

    hi QC,


    Thank you for detailed information

    at least i can tell that my Sophos Endpoint still working as "intended"

    hopefully there's something Sophos can do here


    currently trying the same thing with Gmail, at least it didn't behave like that