Hi, I have a question regarding blocking files:
I would like to block read/write access to specific file and/or file type on Endpoints. Can Sophos do this? Seems Data Control can only do part of this job.
Thanks in advance.
Hi,
The data control policy doesn't currently provide this capability. If network file permissions aren't enough [puts on sales man hat] you may want to consider file based encryption to provide an additional layer of security. The relevant Sophos products would be either PrivateCrypto or LanCrypt depending upon the level of key management required.
http://www.sophos.com/products/enterprise/encryption/safeguard-lan-crypt/
http://www.sophos.com/products/enterprise/encryption/safeguard-privatecrypto/
Out of interest what type of files are you looking to protect?
Best regards,
John
Thanks for your answer.
Basically I want to block end users from accessing some files such as .mp3, .rmvb, etc. and also some other applications which are not in Sophos Application Control list.
I have two additonal questions:
1) In Application Control, if I want to block an application which is not in Sophos list, is it possible? Seems it is not easy to do that.
2) In HIPS and Anti-Virus policy, can I manually add some files as suspicious files?
Thanks in advance.
Hi,
We are planning to add custom application control in a future release so it is on our roadmap. Obviously we'll also continue to extend the scope of the definitions provided by SophosLabs. There are significant updates coming for the media player (all the main P2P streaming apps) and encryption tool categories over the next couple of months. In the meantime requests for additional identities should be sent to appcontrol@sophos.com. Please also include a download link for the software you would like to see controlled.
At the moment AV/HIPS doesn't allow you to manually add suspicious files. I would recommend sending a sample to SophosLabs: http://www.sophos.com/support/knowledgebase/article/51120.html
Thanks,
John
Hi
Apologies for digging up a two-year-old thread, but this is the first discussion that appears when I google for this... Which might already answer the following question, but here goes: Is custom application control available yet?
We have a lot of .swf games doing the rounds on our network which can't be blocked with group policy, and Sophos is *really* close to being able to cover this for us with Application Control, except that we can't add our own defs. The supplied ones seem vague and a potentially too all-encompassing ("flash game" for instance).
We have sent samples to SophosLabs before and I got the distinct impression that writing defs for nuissance apps wasn't a priority... I never heard back once the sample was sent even though a support ticket had been raised for it.
Have I missed an update or is this still 'on the roadmap'?
Cheers
Chris
Hi Chris,
With regard to custom application control. This is still a high priority item for Sophos because of the obvious use case which you describe. At present, there is no schedule for its development unfortunately so i can't provide you with more details than that.
Regarding swf games. There is a technical issue why Sophos' Application Control cannot currently block such games. That is because our identities are written to identity characteristics of executables and block them. SWF files in themselves are not executable, rather they run via a flash enabled program (Internet Browser etc..) . This means that we cannot block them (at present at least).
Regarding further applications that you submit, Sophos will look at and consider all application requests. If you'd like to follow up on your case, just reply to the support email that you were sent with the case ID listed in the subject line.
Many thanks,
DK
We had real hopes that you would include the custom application control 2 years ago. This is one of our gripes for a long time since we've been using Sophos to prevent nuisance applications. The problem with us submitting the application is that it might be a nuisance for us but not for other users, and could potentially create problems with you blocking it suddenly.
We've been using Sophos enterprise for at least 5 years now and we hope we don't have to drop it for another product because of a feature that can be found in almost any other enterprise AV software.
