Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lastpass blocked by application filtering (Block high risk (Risk Level 4 and 5) apps)

Hi Sophos Community,

I was wondering for a while why some of our customers couldn't reach the Lastpass website. Now I have discovered that its being blocked by application filtering with filter "Block high risk (Risk Level 4 and 5) apps". I am aware that I can simply allow Lastpass in the application filtering policy, but I was wondering why Lastpass is listed in this list in the first place? Are there any risks to using Lastpass that I am unaware of?

Also, now that I am diving deeper into this issue, I'm noticing that the applied filter is supposed to block Risk Level 4 and 5 but it does include Lastpass which is risk level 1 that seems odd....

Not sure if I should ask this question on a community post or a support case but I thought I would try the community first.



This thread was automatically locked due to age.
Parents
  • Just checked this on my v19.5GA machine. Lastpass is not part of the filter.

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • Ah I see I just checked my own machine running v19 MR1 build 365 and its not there either. Still not sure why they decided to include Lastpass in a filter for risk lever 4 and 5 maybe it's what Lucar Toni mentioned about security breach(es). Well, I'm going to close this post.

Reply
  • Ah I see I just checked my own machine running v19 MR1 build 365 and its not there either. Still not sure why they decided to include Lastpass in a filter for risk lever 4 and 5 maybe it's what Lucar Toni mentioned about security breach(es). Well, I'm going to close this post.

Children
No Data