Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Authentication Client for Remotedesktopserver / Citrix ( SATC) for Chromiumbased Browser >= Version 84

Hello, 

now its more than six month that SATC didnt work with chromium bases Browser line New MS Edge and Chrom Version >= 84.

Sophos support stated that we should use Version < 84 wich is full of know vulnerablitys. 

https://support.sophos.com/support/s/article/KB-000038634?language=en_US .

and they say more than six Month there will be a new Client version released but this didnt happen.

a Migration to Firefox isnt a solution too.

We are paying for the full Feature Support but the Support didnt give a good Solution.

I am I the only one with the SATC problem?



This thread was automatically locked due to age.
Parents
  • Stef_An, you are not the only one experiencing this problem.  I am the one who identified the issue, which first appeared in variants of Chrome v72 as early as February 2019.  I'm also the one who opened the support case with the Chromium group referenced in the Sophos KB article, and got the Chromium group to add the ForceInNetworkProcess flag to alleviate the problem.  At the time, I was advised by the Chromium Dev Group that the fix was only temporary and at some point in the future all chromium-based browsers would no longer support the Win32 network stack.  Software, like SATC which hooks the Win32 network stack, would no longer work.  Back in February of 2019, I advised Sophos of this and facilitated direct communication between Sophos and Chromium engineers.  So, Sophos has had over two years to address this issue.  Yes, the fundamental architecture of SATC is flawed.  Hooking the Win32 network stack is not a viable option.  But, this is something Sophos has known for a long time.  They have chosen to ignore the issue and allow the temporary workaround provided by the Chromium Group between v72 and v83 to expire.  Now we're two major releases of the browser behind current, and still nothing is fixed.  Yes, this is a re-write and complete re-thinking of the entire SATC product, but Sophos has had ample time to come up with a solution.

    I understand this is something on the roadmap for H1 2021.  My question is what is it?  How will it work?  If you can't hook the Win32 network stack, what will you do to identify users?  Will this be a direct replacement for SATC or some new software with its own set of issues and implementation challenges?  Two years and only waiting.  I'd like to know from a technical standpoint what's planned.  Support for firewall authentication on terminal services is an absolute must for our organization, and our future with Sophos depends on it.

  • Perhaps it would be appropriate to develop a universal authentication client (to be installed both on desktops and terminal servers) and separate authentication from the antivirus side (part of "syncronized security") - perhaps collaborating directly with Microsoft...
    This way you could have a single tool instead of STAS and SATC.

    In addition, not all companies adopt a unique security system (Perimeter Security and Endpoint Security of the same vendor).

Reply
  • Perhaps it would be appropriate to develop a universal authentication client (to be installed both on desktops and terminal servers) and separate authentication from the antivirus side (part of "syncronized security") - perhaps collaborating directly with Microsoft...
    This way you could have a single tool instead of STAS and SATC.

    In addition, not all companies adopt a unique security system (Perimeter Security and Endpoint Security of the same vendor).

Children
No Data