Although I had enabled "Filter avoidance apps" (app control) as well as SSL inspection, Tor Browser managed to connect to the internet. As Sophos support told me on the phone, this problem seems to be known.
Are there any experiences here in blocking Tor Browser reliably? Maybe more steps are necessary to block, like outlined here for another manufacturer?
I have been able to stop downloading the Tor Browser using the application and web policies. I created my own web URL group and added torproject.org to it. Then I added that to my 'block bad stuff' policy and while I can access the Tor site, I cannot download the Tor Browser.
I have not installed Tor Browser so I cannot tell if this approach stops the Tor Browser from connecting. Also there was a post by one of the Sophos Devs about tuning the IPS settings to assist with blocking Tor.
In reply to rfcat_vk:
I removed my web block and installed tor browser on my MBP running Mojave latest version.
I was unable to connect using Tor Browser with and without setting up the proxy bypass int per browser. It failed to connect to two different IP addresses.
I have application and web policies using standard XG supplied lists.
On my side, after starting Tor Browser, the process is stuck at stage "Establishing an encrypted directory connection" and it seems that blocking works. When I then press "Cancel" and press "Connect" in the following screen, then Tor connects successfully to the internet. Also when I choose "Configure" and check "Tor is censored in my country" and choose a bridge under "select a built-in bridge", Tor connects successfully also. What's happening on your side if you do these steps?
In reply to Sacha Roland:
I tried many different combinations and all failed. Direct connection, using proxy, using bridge, using proxy and bridge.