Sophos UTM home edition (running bridge mode)
Firmware version: 9.705-3
Pattern version: 193436
I'm having an oddball issue with screenconnect where the agent cannot connect back out to screenconnect, so I cannot do remote sessions. The agent just keeps retrying. If I disable Decrypt and scan, it'll work just fine.
(I've whitelisted screenconnect.com including domain names.)
2020:12:28-22:33:48 zit-utm httpproxy[25141]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd1473100" function="read_request_headers" file="request.c" line="1615" message="unable to parse a http message on handler 84 (Success)"
2020:12:28-22:34:08 zit-utm httpproxy[25141]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd1ca8300" function="ssl_write" file="ssl.c" line="1626" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2020:12:28-22:34:08 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.245" dstip="158.69.124.29" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2" request="0xd1878700" url="">zitstif.screenconnect.com/.../LogInitiatedJoin" referer="">zitstif.screenconnect.com/" error="" authtime="0" dnstime="5" aptptime="161" cattime="0" avscantime="2166" fullreqtime="54588973" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" exceptions="" overridecategory="1" overridereputation="1" sandbox="-" content-type="application/octet-stream"
2020:12:28-22:34:08 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.1.245" dstip="158.69.124.29" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="348" request="0xd187aa00" url="">zitstif.screenconnect.com/.../GetGuestSessionInfo" referer="">zitstif.screenconnect.com/" error="" authtime="0" dnstime="0" aptptime="407" cattime="0" avscantime="4123" fullreqtime="54265507" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" exceptions="" overridecategory="1" overridereputation="1" sandbox="-" content-type="text/plain"
2020:12:28-22:34:08 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.245" dstip="158.69.124.29" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="45915" request="0xd1ca8300" url="">zitstif.screenconnect.com/.../ConnectWiseControl.Client.exe referer="">zitstif.screenconnect.com/" error="" authtime="0" dnstime="5" aptptime="3393" cattime="0" avscantime="255552" fullreqtime="676166" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36" exceptions="" overridecategory="1" overridereputation="1" sandbox="1" content-type="application/x-dosexec"
2020:12:28-22:34:11 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.245" dstip="52.255.189.153" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="15736" request="0xd1473800" url="">checkappexec.microsoft.com/" referer="" error="" authtime="0" dnstime="34630" aptptime="175" cattime="277" avscantime="0" fullreqtime="270356" device="0" auth="0" ua="" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="trusted" categoryname="Business"
2020:12:28-22:34:12 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.245" dstip="158.69.124.29" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="23519" request="0xd1470700" url="">zitstif.screenconnect.com/.../ScreenConnect.Client.application referer="" error="" authtime="0" dnstime="3" aptptime="3220" cattime="0" avscantime="25542" fullreqtime="54006693" device="0" auth="0" ua="" exceptions="" overridecategory="1" overridereputation="1" sandbox="-" content-type="text/xml"
2020:12:28-22:34:17 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.245" dstip="8.249.123.254" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd13b4000" url="">ctldl.windowsupdate.com/.../disallowedcertstl.cab referer="" error="" authtime="0" dnstime="136139" aptptime="241" cattime="51471" avscantime="0" fullreqtime="254928" device="0" auth="0" ua="Microsoft-CryptoAPI/10.0" exceptions="av,sandbox,ssl,fileextension,size" category="175" reputation="trusted" categoryname="Software/Hardware"
2020:12:28-22:34:17 zit-utm httpproxy[25141]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.245" dstip="8.249.123.254" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xd13b4000" url="">ctldl.windowsupdate.com/.../pinrulesstl.cab referer="" error="" authtime="0" dnstime="1" aptptime="319" cattime="49562" avscantime="0" fullreqtime="99435" device="0" auth="0" ua="Microsoft-CryptoAPI/10.0" exceptions="av,sandbox,ssl,fileextension,size" category="175" reputation="trusted" categoryname="Software/Hardware"
2020:12:28-22:34:18 zit-utm httpproxy[25141]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 336 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2020:12:28-22:34:18 zit-utm httpproxy[25141]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd1089100" function="read_request_headers" file="request.c" line="1615" message="unable to parse a http message on handler 95 (Success)"
2020:12:28-22:34:48 zit-utm httpproxy[25141]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 336 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
Has anyone else run into this issue?
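An added example, not part of the original post: a small triage script for httpproxy lines in the key="value" format shown above. It lists the hosts whose access entries carry no `ssl` exception and counts the proxy error tokens (such as `HPE_INVALID_METHOD`) from `id="0003"` lines. The sample lines are constructed with placeholder hosts and addresses, and the script assumes the `exceptions` field lists the checks skipped for that request.

```python
import re
from collections import Counter

# Constructed sample lines in the UTM httpproxy key="value" format
# (shortened; hostnames and addresses are placeholders, not from the post).
SAMPLE = '''\
2020:12:28-22:34:08 utm httpproxy[1]: id="0001" severity="info" name="http access" action="pass" method="POST" srcip="192.0.2.10" url="https://relay.example.test/join" exceptions="" avscantime="2166"
2020:12:28-22:34:11 utm httpproxy[1]: id="0001" severity="info" name="http access" action="pass" method="CONNECT" srcip="192.0.2.10" url="https://updates.example.test/" exceptions="av,sandbox,ssl,fileextension,size" avscantime="0"
2020:12:28-22:34:18 utm httpproxy[1]: id="0003" severity="info" function="http_parser_context_execute" message="Unable to parse a http message of 336 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2020:12:28-22:34:48 utm httpproxy[1]: id="0003" severity="info" function="ssl_write" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
'''

KV = re.compile(r'([\w-]+)="([^"]*)"')             # key="value" pairs
HOST = re.compile(r'^(?:\w+://)?([^/:]+)')          # host part of the url field
ERR = re.compile(r'\b([A-Z]+(?:_[A-Z]+)+)\b')       # tokens like HPE_INVALID_METHOD


def parse_line(line):
    """Split one httpproxy line into its timestamp and key="value" fields."""
    fields = dict(KV.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def summarize(text):
    """Return (hosts with no ssl exception applied, Counter of error tokens)."""
    scanned, errors = set(), Counter()
    for line in filter(None, text.splitlines()):
        f = parse_line(line)
        if f.get("id") == "0001":
            # Access line. Assumption: 'exceptions' names the skipped checks,
            # so a request without "ssl" was not exempt from HTTPS scanning.
            applied = set(filter(None, f.get("exceptions", "").split(",")))
            m = HOST.match(f.get("url", ""))
            if "ssl" not in applied and m:
                scanned.add(m.group(1))
        elif f.get("id") == "0003":
            # Proxy-internal message: bucket by its upper-case error token.
            m = ERR.search(f.get("message", ""))
            errors[m.group(1) if m else "other"] += 1
    return scanned, errors


if __name__ == "__main__":
    hosts, errs = summarize(SAMPLE)
    print("no ssl exception:", sorted(hosts))
    print("proxy errors:", dict(errs))
```
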