XG is contacting whatfix.com when I change firewall rules

I noticed that when I use the GUI and make changes to rules or policies, the bottom left corner of my browser shows "waiting for whatfix.com".

So it seems the XG is sending information to that website. Why is it doing this? What data is transferred? And how can I disable that?

Running Browser Inspections this is shown:

<script type="text/javascript" charset="utf-8" integrity="sha384-Ri1cUxmQGTk6k9rHS1TVx4oxxxxxxxxxxxxxxxxxxxxxp5yiG53soWAwGA4pxnnd" crossorigin="anonymous" src="cdn.whatfix.com/..."></script>

Even Javascript is downloaded! Why?



  • Totally true. The outcome is the same no matter how we state it. But I think the statement should be accurate. The XG is not contacting an external site. The HTTP you get from the XG includes a link to that site and your web browser reaches out, and that opens a potential exploit. True.

    All I'm saying is the description's accuracy matters, not just the point that there is a potential problem that the new SFOS introduced.

  • Given this info, Sophos should consider making the Assistant an item that can be easily disabled.... It is a cool feature but this does introduce some new attack vectors (some outside of anyone's control).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • I'm thinking it might be that Sophos could have processes SC that monitor the contents of included code or destinations of links, etc, and send a kill signal to XGS's if they detect a change that was not coordinated with Sophos. But that might be too iffy.

    So a switch in the XG to turn it off would allow folks to make their appropriate tradeoff of security and ease-of-use.

    We, of course, have the option to block outbound communications to whatfix.com, either through the XG, or endpoint, or other laptop firewall software. I've stopped it that way, but an actual switch would be nicer. And now that I think of it, I wonder if my fix has caused slight glitches in the rest of the interface... Hmmm...

  • What kind of action did you take against Sophos? Does someone already have a case ID?

    I'd create one as soon as we're on the new version next week. Adding an existing case# to new cases speeds things up.

    Disabling that by adding block rules is not what I like.

    I also think this has been introduced for new Sophos admins. It is OK but there should be something on the GUI to disable it because I see it as a security issue.

  • Thanks for noting this here.

    Can confirm this.

    https://widget.usersnap.com
    https://cdn.whatfix.com

    Are contacted while working on the XG Web GUI. Also both services track your XG with a GUID.

  • Case ID: 04818805

    I was thinking about this feature also to be "in-line with industry best-practices" like mentioned in an announcement about a CLI change coming in SFOS 19?

  • Final answer from Support to my question about a possibility to toggle this Sophos assistant thing on or off was:

    "there is a signature available in application filter for whatsfix and usersnap. You can block this from there making application filter policy or rule" "that this is the only secure, convenient and effective way to achieve it."

    If you want them to build this feature, more support cases would be needed, I guess.

  • As I said above, adding whatfix to a TLS/SSL block rule disables all access.
    After logout/log in to the Webadmin the Sophos Assistant sidebar does not show up anymore.

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
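
An added example, not part of the original thread and not Sophos code: a Python audit that lists the scripts a saved admin page loads from other hosts, as observed in this thread, and checks a Subresource Integrity value like the one in the quoted tag against the script bytes. The sample HTML, script body, paths and the admin host name `firewall.example.test` are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for a saved admin page; paths are placeholders.
SAMPLE_JS = b"console.log('assistant');\n"
GOOD_SRI = "sha384-" + base64.b64encode(hashlib.sha384(SAMPLE_JS).digest()).decode()
SAMPLE_HTML = f"""<html><head>
<script src="/js/app.js"></script>
<script integrity="{GOOD_SRI}" crossorigin="anonymous"
        src="https://cdn.whatfix.com/placeholder/embed.js"></script>
<script src="https://widget.usersnap.com/placeholder.js"></script>
</head></html>"""

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def third_party_scripts(html, admin_host):
    """Return (host, src, integrity) for scripts served from other hosts."""
    parser = ScriptCollector()
    parser.feed(html)
    out = []
    for src, integrity in parser.scripts:
        host = urlparse(src).hostname  # None for relative, same-origin URLs
        if host and host != admin_host.lower():
            out.append((host, src, integrity))
    return out

def sri_matches(integrity, body):
    """Check body against an integrity attribute, strongest algorithm only."""
    pairs = [t.split("?")[0].partition("-")[::2] for t in (integrity or "").split()]
    pairs = [(a, d) for a, d in pairs if a in ("sha256", "sha384", "sha512")]
    if not pairs:
        return False
    best = max(a for a, _ in pairs)  # these names sort in order of strength
    return any(base64.b64encode(hashlib.new(a, body).digest()).decode() == d
               for a, d in pairs if a == best)

if __name__ == "__main__":
    for host, src, sri in third_party_scripts(SAMPLE_HTML, "firewall.example.test"):
        print(host, "SRI present" if sri else "no SRI", src)
```

An integrity attribute pins only the one file named in the tag; it says nothing about requests that script makes once it is running.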