New user to Sophos Central/InterceptX, finding my way around most of it, but a bit puzzled with blocked websites.
Using base policies etc, when a user tries to access a site deemed "dodgy" (pornhub.com for instance) they just get a standard network connected failed type of error, as if the site does not exist.
How do I setup Sophos so it displays some sort of notification to say its being blocked on purpose ? I can see a lot of helpdesk tickets being raised for "website not working" whereas if they at least get a notification, it gives them so guidance and info before contacting me.
I've not read all the docs yet so an answer prob is in there somewhere, but I need to get this sorted ASAP before we go nuts
We are currently working on HTTPs inspection and its not turned on by default and is still in EAP for a lot of accounts. To turn it on, go to Global Settings> SSL/TLS decryption of HTTPS websites
Hello there,Thank you for reaching us, to understand further about the website blocking notification you may refer to this documentation. For windows devices A notification pop-up will be displayed, or the browser will show a page detailing the content blocked or warned. HTTPS websites will show a message Website cannot be found and no toast notification will be displayed
Website cannot be found
That link just gave me same info you posted............
Why no toast/popup for HTTPS sites ? Considering thats what most websites are now, seems bit backwards. And confusing for end users and frustrating for IT support as we'll have to check every single website we get told "isnt working" to see if its actually down or just being blocked :-/
If you have access to this - then you can turn it on and HTTPs blocks will generate a block page instead of the website not found display. If you don't see that setting available, you can choose to enroll in the New Endpoint Protection Features EAP to access it (Click on your name in upper right > Early Access Programs)
Unless the endpoint is configured to decrypt and scan SSL/TLS connections, all it can do is throw up a website not found because we stop the page load but have no way of injecting a new page into the connection.
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.