This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Sandstorm not working

Hi,

We are using Sophos SG230 UTM having Sandstorm license. UTM is not able to send suspicious files to Sandstorm for analysis. Whenever UTM detects a file as suspicious, it displays following message:

File requires further analysis
The requested file contains suspicious content. It has been sent for further analysis by Sophos Sandstorm.
To see the result of the analysis, and to download your file if it is clean, click the following link:
passthrough.fw-notify.net/.../

When we click on above link, it displays another message showing progress.

Sophos Sandstorm: Analysis in progress
Please wait while your download is analyzed in-depth for malicious behavior by Sophos Sandstorm. This may take several minutes.
If it is not considered malicious, your download will continue automatically.

But after long processing time, browser displayed following message:

Blocked request: Analysis failed
Sophos Sandstorm was unable to complete analysis of this file in a reasonable time.

Sophos support team has checked all the logs, but are unable to identify the problem. Even case has been escalated to Global Support Team but even they are unable to trace the problem after 2 months.

So I thought to post the problem in forum to get some help

Thanks

Hiten

 

 

 



This thread was automatically locked due to age.
  • Hi, Hiten, and welcome to the UTM Community!

    This sounds like a Sandstorm issue with the file, not a UTM issue, so I don't think any of us here can help you.  I suggest pushing Support to escalate even further.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob for your reply.

    But this is happening with all the files. Issue already escalated to Global Support Team, Server Team and Development Team from last one month but till now there is no response from their side. They are still working on it. I am wondering why they are taking so much time.

    So just thought that somebody at forum can help me.

    Anyway, awaiting response from Dev & Server team. I hope I receive reply from them very soon.

    Cheers - Hiten

  • Please do let us know the result, Hiten.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA