This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus Scanning Interfering with Pandora.

Sophos UTM9 running Firmware version:  9.702-1.  Issue:  Pandora streaming frequently skips or stops playing on Android devices while connected to LAN.

Detail: I've never seen this before. Behind the Sophos UTM, tablets and smartphones running the last two versions of Android will skip/jump through Pandora songs or not play altogether. Moving any of the devices to another network allows them to function normally.   Testing has revealed that it's the Sophos UTM Antivirus scanning.  With antivirus scanning OFF, Pandora streams as normal.  With antivirus scanning ON, Pandora skips songs, jumps and often fails to stream.  Antivirus scanning set to Single scan (max performance)

After the issue was determined to be the AV. Pandora was put in the Filtering Options Exception list. Skipping "Antivirus / Sandstorm" for  This allows streaming with AV ON and alleviates ~70% of the skipping/jumping -> But Does Not Solve The Issue Completely.

Solution Desired:  Please assist me with leaving Antivirus ON for security but writing better Exception Rule(s) to allow Pandora to stream unimpeded. 

This thread was automatically locked due to age.
Parents Reply Children
  • BAlfson;

    Thank you for your interest. Hope this helps!   The Android smartphone was at "" and it was skipping every song on Pandora.

    2020:05:11-19:23:44 portal httpproxy[26802]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x8526a00" url="" referer="" error="" authtime="0" dnstime="2516" aptptime="94" cattime="354" avscantime="0" fullreqtime="54282" device="0" auth="0" ua="Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/M4B30Z)" exceptions="" category="177" reputation="trusted" categoryname="Content Server" country="United States"
    2020:05:11-19:23:45 portal httpproxy[26802]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x8526a00" url="" referer="" error="" authtime="0" dnstime="1" aptptime="435" cattime="324" avscantime="0" fullreqtime="105994" device="0" auth="0" ua="Dalvik/2.1.0 (Linux; U; Android 6.0.1; Nexus 5 Build/M4B30Z)" exceptions="" category="177" reputation="trusted" categoryname="Content Server"


    2020:05:11-19:25:59 portal httpproxy[26802]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="" dstip="" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5655" request="0x8916700" url="" referer="" error="" authtime="0" dnstime="1" aptptime="404" cattime="373" avscantime="0" fullreqtime="283765" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,fileextension,size,patience"


  • Well, those all look like the traffic passed, so I guess we'll need to look for other lines, we're looking for ones with  statuscode="4xx" or "5xx".

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Follow up on Bob's suggestion you can narrow your log activity by check only for "log blocked pages" located edit filter action / additional options / activity logging.  Then open live log and start playing Pandora and narrow your search with filter focus on and hopefully you should see the blocked traffic only.


    Good Luck

  • BAlfson, Bob;


    Does this help?


    2020:05:13-19:37:39 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x867e700" url=" referer="" error="" authtime="0" dnstime="912" aptptime="4796" cattime="358" avscantime="0" fullreqtime="60500" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:40 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xcc4aca00" url=" referer="" error="" authtime="0" dnstime="825" aptptime="7560" cattime="364" avscantime="0" fullreqtime="68530" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:40 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd9056000" url=" referer="" error="" authtime="0" dnstime="1029" aptptime="7090" cattime="460" avscantime="0" fullreqtime="56361" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:41 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd11f7500" url=" referer="" error="" authtime="0" dnstime="858" aptptime="3870" cattime="269" avscantime="0" fullreqtime="90449" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:43 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe09e8300" url=" referer="" error="" authtime="0" dnstime="1161" aptptime="7300" cattime="502" avscantime="0" fullreqtime="80917" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:46 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xfe2bc00" url=" referer="" error="" authtime="0" dnstime="1150" aptptime="7201" cattime="505" avscantime="0" fullreqtime="194704" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:46 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x9975100" url=" referer="" error="" authtime="0" dnstime="1071" aptptime="7185" cattime="448" avscantime="0" fullreqtime="196981" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:48 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdacb8a00" url=" referer="" error="" authtime="0" dnstime="1176" aptptime="7271" cattime="507" avscantime="0" fullreqtime="186190" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:50 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xcb778e00" url=" referer="" error="" authtime="0" dnstime="1105" aptptime="7296" cattime="508" avscantime="0" fullreqtime="170551" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:52 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd9059100" url=" referer="" error="" authtime="0" dnstime="1139" aptptime="7141" cattime="502" avscantime="0" fullreqtime="172228" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:52 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xfce5500" url=" referer="" error="" authtime="0" dnstime="1153" aptptime="7203" cattime="474" avscantime="0" fullreqtime="181989" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:54 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa73c000" url=" referer="" error="" authtime="0" dnstime="808" aptptime="6201" cattime="371" avscantime="0" fullreqtime="175930" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:56 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd11f8a00" url=" referer="" error="" authtime="0" dnstime="1246" aptptime="7316" cattime="487" avscantime="0" fullreqtime="179711" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="" category="177" reputation="neutral" categoryname="Content Server" country="United States" content-type="application/octet-stream" reason="range"
    2020:05:13-19:37:57 portal httpproxy[26802]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="" dstip="" user="" group="" ad_domain="" statuscode="416" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x99cb100" url=" referer="" error="" authtime="0" dnstime="246" aptptime="7110" cattime="574" avscantime="0" fullreqtime="104566" device="0" auth="0" ua="Pandora/2003.2 Android/6.0.1 hammerhead (ExoPlayerLib1.5.14.1)" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,fileextension,size,patience" reason="range"
  • That's what we needed - reason="range" - that breaks ant-virus scanning.  If this is a home-use situation, you might just want to create an anti-virus Exception for the entire Pandora netblock,  If a business, I would use DNS Group definitions for the FQDNs being blocked.  Then again, maybe changing the Exception for * to * would resolve this.

    The last line is not for the, but for a subdomain of and it already qualified for an AV Exception.  If you're using the Proxy in Standard mode, you will want to skip the Proxy for * in your browser.  If in Transparent, I bet you're stuck with skipping the entire subnet.

    Please let us know your result.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This is for an adult-only home situation, and after doing some reading, I'm rethinking my question somewhat.

    I really don't want to block any content, or websites, or enforce any safe search.  The only reason I turned on the filtering at all was to:

    1) Enable Antivirus,

    2) Block spyware infection and communication, and

    3) Block dangerous extensions.

    So what do you gentlemen suggest for web filtering?  Standard or Transparent?  And how should I write the one and only custom exception I appear to need for


  • That's a great post!  Virtually everyone asks why their solution doesn't work and never offers an insight into what they wanted to have happen.  I didn't even have to ask - refreshing!

    I would use a Web Filtering Profile in Standard with the default Profile in Transparent.  In the Transparent Mode Skiplist, skip the entire subnet.  In browsers that allow you to skip the Proxy for * and *, configure to use the UTM as an explicit proxy.  Now, Pandora will work on all your devices and those that use Standard mode will skip the the Proxy for the fewest IPs.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA