This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG is contacting whatfix.com when I change firewall rules

I noticed that when using the GUI, and do some changes to rules or policies, that in bottom left corner of my browser there is "waiting for whatfix.com".

So it seems the XG is sending information to that website. Why is it doing this? What data is transferred? And how can I disable that?

Running Browser Inspections this is shown:

Even Javascript is downloaded! Why?

This thread was automatically locked due to age.

Top Replies

EdmundSackbauer over 2 years ago in reply to Wayne Folta +5

"But the XG is not in contact with the server, your web browser is." That is true, however the problem is that I am logged in as admin with my browser. There is javascript downloaded from an external URL…

Parents

+1 Peter-Paul Gras over 2 years ago

As far as i can see Sophos assistant is powered by Whatfix.com (https://en.wikipedia.org/wiki/Whatfix)

(Block access tot Whatfix.com and the Sophos Assistant does no longer function, simple test)

SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th 2023

Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports

[If any of my posts are helpful to you please use the 'Verify Answer' link]
Cancel
Vote Up +1 Vote Down

Cancel
0 EdmundSackbauer over 2 years ago in reply to Peter-Paul Gras

Wow that seems to open up to completely new hacks ;)
If whatfix.com gets hacked youre doomed.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 EdmundSackbauer over 2 years ago in reply to Peter-Paul Gras

Wow that seems to open up to completely new hacks ;)
If whatfix.com gets hacked youre doomed.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LuCar Toni over 2 years ago in reply to EdmundSackbauer

You should cpntact Sophos here: https://www.sophos.com/en-us/legal/sophos-gdpr

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 2 years ago in reply to LuCar Toni

Given this info, Sophos should consider making the Assistant an item that can be easily disabled.... It is a cool feature but this does introduce some new attack vectors (some outside of anyone's control).

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up +1 Vote Down

Cancel
0 Wayne Folta over 2 years ago in reply to BrucekConvergent

I'm thinking it might be that Sophos could have processes SC that monitor the contents of included code or destinations of links, etc, and sends a kill signal to XGS's if they detect a change that was not coordinated with Sophos. But that might be too iffy.

So a switch in the XG to turn it off would allow folks to make their appropriate tradeoff of security and ease-of-use.

We, of course, have the option to block outbound communications to whatfix.com, either through the XG, or endpoint, or other laptop firewall software. I've stopped it that way, but an actual switch would be nicer. And now that I think of it, I wonder if my fix has caused slight glitches in the rest of the interface... Hmmm...
Cancel
Vote Up 0 Vote Down

Cancel