The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.


"Wanna" ransomware outbreak. Please see this Sophos article for advice on how to protect your organization. Immediate action recommended.

HTTPS decryption exclusion for splashtop and logmein

I need to be able to exclude Splashtop and logmein from SSL Inspection for them to work. I tried ^[A-Za-z0-9.-]*\.splashtop\.com/ which lets me connect through the client, but I am not able to remote into any machines. I am assuming that is because the remote aspect must be using another URL that is not covered under this expression. Anyone have experience with this one?

 

UPDATE: I found these on splashtop site

  • st2-relay.api.splashtop.com

  • st2.api.splashtop.com
  • *.relay.splashtop.com (including wildcard)

 

This is what I added into the Sophos exclusion list I have created and still does not work

^[A-Za-z0-9.-]*\.relay\.splashtop\.com/

^[A-Za-z0-9.-]*\.splashtop\.com/

st2.api.splashtop.com

st2-relay.api.splashtop.com