Sophos Central Endpoint Protection Web Control does not seem to work for youtube.com on Chrome

Hi,

It seems that this it not only a youtube specific Problem. I faced this issue yesterday with all chromium based Browsers. Webcontrol issn´t working with these kind of Browsers.

EDGE Firefox IE and other are working fine.

Hi JerzyT and Ecrook,

I just tested this out on Edge, Firefox and Chrome. All the 3 browsers were blocking access to Youtube.

Can you please enable remote assistance on your Sophos Central account and provide me with the license number in a DM?

Sophos Central Admin: How to enable Remote Assistance

Hi,

My Problem has largley been resolved. Sophos WebControl only supports IE Edge Firefox Safari and Chrome. Other Browser like them are not supported from Sophos even if they  based like Chrome on Chromium.

regards

Hi Yashraj,

Thanks for looking into this . The call I had opened for this issue was closed and Chrome was established to be the culprit. Customer has since decided to use IE on this device instead.

Still it would be interesting to find out if this could be fixed somehow. For the remote access and license - we are MSP and it does not work, at least this is what I was told on some recent calls I had opened.

JT

Hi JT,

I have another call open for this issue ant the support is working for an answer. It seems there is a general Problem with blocking Google Services in Chrome. I will report if i get an answer that will explain the behaviour.

regards

Ecrook

Hi Ecrook,

Thanks, perhaps you will get more info on it than we did.

JT

Hi JT,

We finally figured out what is causing the problems in our infrastructure. As simple stupid as it is after we cleaned the complete Chrome Cache and the Webprotection works as expectet.

Regard´s

Silvio

Hi Silvio,

Was it that simple? I will keep this in mind next time we got this issue. For now we used a different browser. Thanks for the update.

Regards,

JT

Just a two cents but this does feel like it could be down to the Google QUIC protocol which is HTTPS over UDP which cannot be filtered even by UTM/XG web filters (yet) .

When QUIC is blocked, chromium browsers will fallback to TCP and generally blocking and app control will work correctly. Clearing the cache forces Chromium browsers to connect via HTTPS then when they establish the remote server is QUIC capable they switch. So you are now blocking the initial connection which is visible to web control but if you were to turn off webcontrol, connect to youtube and do a bit of surfing on it then turn webcontrol back on i would expect the block to fail again.

In some cases i have actually deployed an outgoing FW rule on windows via GPO to block outgoing 443 UDP to prevent Google QUIC bypassing web filters on devices not behind corp firewalls.

May not be the cause but i have seen this behaviour before.

Emile

Yes it was that simple, at least in our Infrastructur.

I didn´t thought about the cache for a minute because i expected the Chrome Cache is working similiar like all the other browser baches.  But it seems when it comes to Google Services, Chrome has a different behaviour how to handle caching objects.