Sophos Web Intelligence Service

Hi JoeLansing

It is a pity you are not authorized to use the cloud scanning. It has a lot of benefits.

But on the other hand it is very good to hear that a company has policies in place and it is being enforced.

You can disable the plugin in the browser depending. I have only tested it with IE.

As there is no apparent way to uninstall, I would recommend phoning Sophos support to assist further.

Hope this helps. :)

I contacted them.  There isn't any way to block it from running.  Even if I turn it off via the registry, Sophos turns it back on during policy enforcment.   The bandwidth usage of 600+ computers doing cloud scanning is something we don't want. or need.  Multi engine scanning on the firewall and more scanning on the proxy is enough.  Tossing cloud scanning on top of that is plain wasteful not to mention the performance degredation to both the PC's and the company wide internet.

Hello,

I'm aware this is an old thread, however I have been contacted by a customer who has come accross this thread and queried whether these statements are indeed correct (this thread will still appear in search engines etc, so I would like to clarify the matters discussed to prevent any misinformation

1) You can certainly disable Web Intelligence

2) You can certainly disable cloud scanning

I have my Anti-Virus and HIPS policy set to:

Block access to malicious websites: Off

Download scanning: As on access

I still see Sophos Web Intelligence Service installed on all of my computers.  What does it do?  Am I forced to deploy it, even if we don't use it?  Can I get rid of it?

My goal is to not bog down our network using cloud scanning, and to not bog down our PCs by running unneeded services on them.  I'm also not allowed to send data to Sophos by our company policy = no cloud scanning. 

-  Joe

In order to disable the Web Protection feature fully, you must set Download Scanning: Off

Presumably you have on-access scanning turned on right? As it's the most crticially important feature of the software to have on for security reasons, if so, then web intelligence will replicate that, and thus, be turned on. Meaning web intelligence is turned on also.

Tol fully disable this, you must set your AV and HIPS policy to have block access to malicious websites and download scanning off. Then, once the policy has pushed out to your clients, they must be rebooted and this will fully unload the LSP (Layered Service Provider in your Winsock catalog) that is used for the web intelligence feature. 

Indeed if you simply wish to disable this feature due to conflicts with certain websites etc, then you can add under "Authorization" in your AV and HIPS policy particular sites, or even IP address ranges (so you could for example, set authorization for anything in the 172.16.0.0 range with and 255.255.0.0 subnet mask to not be scanned if you were using IP cameras or another locally hosted application that used a web based interface) or indeed you can add domain names to block entire public web sites from being blocked. There are certain programs that are incompatible with the web protection feature (mainly firewalls and such), a full list is found our the Sophos website.

I contacted them.  There isn't any way to block it from running.  Even if I turn it off via the registry, Sophos turns it back on during policy enforcment.   The bandwidth usage of 600+ computers doing cloud scanning is something we don't want. or need.  Multi engine scanning on the firewall and more scanning on the proxy is enough.  Tossing cloud scanning on top of that is plain wasteful not to mention the performance degredation to both the PC's and the company wide internet.

Live Protection can indeed be disabled, if you open up your Anti-Virus and HIPS policy, and select "Sophos Live Protection", you will see a tick box to either have ticked or unticked, to enable or disable the Sophos Live Protection feature.

What this does is send queries to cloud servers to check that files and sites etc. are safe, it's an extra means of protection.

If you do find that it is detrimental to your network however due to additional traffic (there will be many many DNS queries to sophosxl) then by all means disable it, the on-access scanning and web protection features are very robust tools for securing your network. Simply untick the box and push out the policy to disable this feature.

Hope this helps :smileyvery-happy:

I see this running in SQL Server.  How do I get this off SQL server?

Thank you for your post, the web intelligence service along with web intelligence update service is installed on every installation of Sophos Endpoint Security and Control, you can disable the Sophos LSP via policy as Jon Graham has advised or disable locally using Sophos article - http://www.sophos.com/en-us/support/knowledgebase/116970.aspx 

The key is that the service will not be performing actions unless the LSP is enabled and either download or block access is set to on.

Hope this helps.