3CX DLL-Sideloading attack: What you need to know

  • PS2: Keep an eye on Facebook / sites + Firefox with DPI: https://support.sophos.com/support/s/article/KB-000042276?language=en_US


  • Hi,

    currently using DPI for my various access in IPv4 and IPv6 rules. The devices I have tested so far are my wife's Mac Air M1 running the latest Firefox and accessing Facebook; no apparent issues with my general testing.

    iPad using the FB app and other activities all works very well.

    Mac Mini Intel - appears to have fixed a lot of failing connection issues part way through downloads from a photo album site, and the downloads are very quick, e.g. faster than I can scroll down to see if any entries have failed. Waiting for the TOR browser to connect or fail. It has been trying for about 10 minutes so far - it should be blocked.

    Question: has the new DPI engine been fixed to work with mail scanning? I will test myself later.

    Tomorrow's and the following days reports will be interesting to see what the date fix has done to the reported data.


    There is a tradeoff with using the DPI engine in that you still need web proxy to achieve web site blocking as per the warning when you disable http proxy.

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

    added comment about still needing web proxy to block some websites.
    [edited by: rfcat_vk at 10:28 AM (GMT -7) on 15 Jul 2021]
  • What a good update!

    I've enabled "security.tls.enable_delegated_credentials" again, and Firefox is working flawlessly with Facebook now. (With TLS Decryption.)

    Another thing I noticed: there are far fewer random TLS errors with Firefox now.


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • What about the Performance? Can you reflect some improvements? 


  • I'm a Home User, but doing some generic (flawed) testing, the most noticeable thing is TPS; currently it's much faster than v18.0.

    While doing TLS Decryption over a local Nginx server using TLS 1.3 and AES256GCM-SHA384, on a 1-byte file, the TLS transactions per second went from ~13,200 to around ~18,600. But there's no difference in raw decryption throughput from v18.0.

    Also, the Decryption Limit got lowered on my box, I don't know why; it went from 18.4K to 12.3K.

    For Internet traffic it just "feels faster". (I haven't looked a lot at this.)

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • The max session is based on RAM available on the Appliance.


  • One thing: how does the Firewall handle revoked certificates?

    I don't know if this is an issue on my end, but I've never seen a revoked certificate being blocked by the Firewall since v18 EAP.

    This is my Decryption Profile:

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Revoked certificates can only be checked if you have a CRL imported. The Firewall does not import external CRLs by default. Personally I would rather invest in OCSP instead. Many products are now moving to OCSP instead, and Sophos is also looking into this.
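As an added illustration of that point (this is example code written for this page, not Sophos code or anything posted in the thread): the script below builds a throwaway CA with openssl, issues a leaf certificate, revokes it, and then verifies the leaf three times. Without a CRL, and with a CRL published before the revocation, the verifier reports the certificate as good; only once it is handed the CRL that lists the serial does it report "certificate revoked". A firewall that has no CRL imported is in exactly the first position. The CA name, the hostname revoked.example.test and the file names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not code from the Sophos thread: a throwaway PKI that shows a
# verifier only reports "certificate revoked" when it is given a CRL listing
# the serial. CA name, hostname and file names are assumptions for this demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

setup_demo_pki() {
    # Minimal openssl.cnf (constructed for this demo) for 'openssl req' and 'openssl ca'
    cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca         = demo_ca
[ demo_ca ]
dir                = $WORK
database           = \$dir/index.txt
new_certs_dir      = \$dir/newcerts
serial             = \$dir/serial
crlnumber          = \$dir/crlnumber
certificate        = \$dir/ca.crt
private_key        = \$dir/ca.key
default_md         = sha256
default_days       = 30
default_crl_days   = 7
policy             = demo_policy
x509_extensions    = leaf_ext
[ demo_policy ]
commonName         = supplied
[ req ]
distinguished_name = req_dn
x509_extensions    = ca_ext
[ req_dn ]
[ ca_ext ]
basicConstraints   = critical, CA:true
keyUsage           = critical, keyCertSign, cRLSign
[ leaf_ext ]
basicConstraints   = CA:false
subjectAltName     = DNS:revoked.example.test
EOF
    mkdir "$WORK/newcerts"
    : > "$WORK/index.txt"
    echo 1000 > "$WORK/serial"
    echo 1000 > "$WORK/crlnumber"

    # 1. Self-signed demo root CA
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
        -subj "/CN=Demo Root CA" -days 30 2>/dev/null
    # 2. Leaf certificate issued by that CA
    openssl req -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" \
        -subj "/CN=revoked.example.test" 2>/dev/null
    openssl ca -batch -notext -config "$WORK/ca.cnf" \
        -in "$WORK/leaf.csr" -out "$WORK/leaf.crt" 2>/dev/null
    # 3. A CRL published before the revocation (lists nothing), then revoke the
    #    leaf and publish a CRL that carries its serial
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/empty.crl" 2>/dev/null
    openssl ca -config "$WORK/ca.cnf" -revoke "$WORK/leaf.crt" 2>/dev/null
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/revoked.crl" 2>/dev/null
}

# verify_leaf [crl-file]: prints OK, REVOKED, or ERROR: <openssl output>.
# With no CRL the verifier has no revocation data at all, so the leaf passes.
verify_leaf() {
    if [ $# -eq 0 ]; then
        out=$(openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt" 2>&1) || true
    else
        out=$(openssl verify -crl_check -CAfile "$WORK/ca.crt" \
                  -CRLfile "$WORK/$1" "$WORK/leaf.crt" 2>&1) || true
    fi
    case "$out" in
        *"certificate revoked"*) echo REVOKED ;;
        *": OK"*)                echo OK ;;
        *)                       echo "ERROR: $out" ;;
    esac
}

setup_demo_pki
echo "no CRL:               $(verify_leaf)"
echo "CRL before revocation: $(verify_leaf empty.crl)"
echo "CRL with the serial:   $(verify_leaf revoked.crl)"
```

To turn this into a check of the firewall itself, serve leaf.crt and leaf.key from a local HTTPS server behind the decrypting firewall, once without and once with revoked.crl imported; only the second setup gives the firewall the information it would need to block the connection, which is the same limitation the reply above describes.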


  • Downloaded it yesterday and installing today. When you say performance, are you referring to download speeds etc. or UI / system performance?

    I'm applying it to a Dell PowerEdge R210, but also have an Atom based PicoPC unit.