Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 38 replies
  • Subscribers 12 subscribers
  • Views 99430 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.4 Endpoint Web Protection is NOT working

RickDunsirn

I've noticed that after a clean install of 9.4, Endpoint Web Protection logs are not populating on my UTM and my endpoints (Windows 10) appear to be able to surf anywhere without any protection.  The Sophos Agent shows Web Control enabled, but it is not blocking sites that it's supposed to.  I'll reiterate, I have cleanly installed 9.400-9 and have refreshed from scratch the Endpoint Protection and I'm still seeing the issue (this was not an upgrade...after the upgrade, this failed as well, so I did everything from scratch and still see the issue).  My endpoints are showing up just fine under Endpoint Protection on the gateway and the antivirus appears to be working, just not the web protection.  Here is a sample of the Endpoint Protection Logs:

2016:03:25-10:11:27 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:11:27 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:13:15 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:13:15 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:15:03 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:15:03 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:17:46 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:17:46 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:19:04 rickshome epsecd[10796]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/.../"
2016:03:25-10:19:34 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:19:34 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:19:35 rickshome epsecd[10282]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2016:03:25-10:19:38 rickshome epsecd[10282]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2016:03:25-10:22:21 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:22:21 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:23:16 rickshome epsecd[10282]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2016:03:25-10:23:19 rickshome epsecd[10282]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2016:03:25-10:24:12 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:24:12 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"

I do see the reports coming in, but I'm a little bit concerned on the "-1" for acknowledgement.

Any ideas on what I can do next?  If you need more information, please let me know!


This thread was automatically locked due to age.
Parents
  • 0

    You mentioned Windows 10 clients are having the issue... Do you have any older versions of Windows and are they behaving properly?

    Also, did you have any issues prior to moving to 9.4? It's hard to tell if this related to Win10 or UTM 9.4.

  • 0 in reply to Dlabun

    This very well could be.  I do know it worked on Windows 10 at one time (have several clients on Windows 10 and it worked fine on multiple versions of 9.3 from September, 2015 -- February, 2016)...but stopped working back in February on version 9.355.  I am doing more testing and have found the following:

    1.)  I have one Windows 10 box that was working and I have never "uninstalled" the client agent.  I have installed OVER the client agent when I installed the new 9.4 from scratch.  The directory structure on that box under C:\ProgramData\Sophos\Web Control\Policy shows that there is a policy there (there are files in that directory), but it doesn't appear to be updating when I make changes to the web content filter.   No Web Control logs are getting to Sophos, however.

    2.)  I have another Windows 10 box that is brand new.  I installed the 9.4 client agent on that box from scratch.  The directory structure under C:\ProgramData\Sophos\Web Control\Policy shows nothing.  It's almost like the policy can't get into the directory or it isn't updating for some reason?

    I will try to spin up a Windows 7 box and see if I have the same issues.  I do know the Sophos Endpoint Cloud works fine on Windows 10 (tried and installed this and it worked just great), just not the endpoint web control service using the UTM.

    Another thing I have found... I just downgraded my UTM to 9.351 and I still am experiencing the same issues!  Either something changed in Windows 10 that is blocking endpoint web control policy changes or something changed on the Sophos server side and how it communicates with the agent.

    I'll continue to research!

  • 0 in reply to RickDunsirn
    Windows 10 did break most security programs so I wouldn't be surprised if it was the culprit. If you have the interest the latest Windows 10 beta does contain fixes related to antivirus programs.
  • 0 in reply to Dlabun

    Just another tidbit of information.  I did install the Sophos Cloud-based Home Security agent on one of my Windows 10 boxes and it appears to be working just fine.  The directory structure is pretty much the same as the Sophos UTM Endpoint Agent (C:\ProgramData\Sophos\Web Control\Policy) and it is fully populated with policy files.  If it is using a similar software engine as the UTM Endpoint Agent, Windows 10 doesn't seem to be an issue.

    I am spinning up a Windows 7 box right now to check to see if this works with the UTM Endpoint Web Protection.

  • 0 in reply to RickDunsirn

    Just loaded my Windows 7 box and installed the Sophos Endpoint Agent.  Same exact issue.  No files are populating under C:\ProgramData\Sophos\Web Control\Policy and Web Protection is not working.  Also am not seeing Web Protection logs on the UTM.  It appears this is something on Sophos' side (either with the agent, the UTM code or the Sophos Update site issue).  Please let me know if you need any more information to help debug this.  

  • 0 in reply to RickDunsirn

    It does appear to be an issue with either the Sophos client or the UTM firmware. This is a home license, correct?

  • 0 in reply to Dlabun

    That is correct...home license.

  • 0 in reply to RickDunsirn

    I will attempt to reproduce the issue on my test environment... If I get the same issue I can open a ticket to Sophos. 

    From poking around the forum it looks like other people started reporting this issue on 9.355... If you're willing, you could install 9.354 and see if works correctly. That will at least indicate if it's a UTM firmware issue.

  • 0 in reply to Dlabun

    Thanks much for trying to reproduce the issue in your environment.  If you need my backup file, I'd be willing to send that to you as well.

    I noticed this issue in 9.355 as well.  I actually did move back to 9.351 this past weekend and still had the same issues, which is odd.  It's almost like the cloud based service changed in some way that broke endpoint web protection altogether.  Endpoints running web protection previous to this issue still work just fine because the policy file is still populated (it doesn't get touched).  In fact, I still have a PC today that still blocks websites in my ruleset because it has the policy list still in the directory space (and my ruleset hasn't changed).  If I were to completely remove the Sophos agent and re-install, the policy file never loads to the machine and all sites are allowed.  In other words, people may not notice this issue until they add new clients or go out looking for endpoint web protection logs.

  • 0 in reply to RickDunsirn

    I noticed it broken in some previous version (recent) of UTM as well.. .but I did not open a support case.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to RickDunsirn

    I noticed it broken in some previous version (recent) of UTM as well.. .but I did not open a support case.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
  • 0 in reply to BrucekConvergent

    This particular issue really has me interested because I was considering rolling out Sophos Endpoint Protection to replace our current Symantec licenses. Symantec is literally masquerading their consumer AV software with a separate UI for business users. To make local admin changes they actually have you launch the consumer UI. I'll report back once I get a test case up and running.

  • 0 in reply to Dlabun

    Since you're considering replacing Symantec, your reseller and Sophos Sales likely will get a sharp pre-sales support engineer on this, and those guys have the quickest access to get developer attention.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    My reseller has been trying to get Sophos Sales to acknowledge the fact that I want a quote and there's been no response from Sophos.
  • 0 in reply to Dlabun
    What browser are you using on Windows 10? Microsoft Edge has previous had some issues with our 'Web in Endpoint' filtering LSP but has been fixed in the latest version of Cloud Endpoint, I think on Prem but I'm unsure of UTM Endpoint. Have you tested with another browser? Also, what do the Web Filtering logs said on the UTM? As if the devices are all on your network currently, the Web Filtering log should be showing access requests and results.

    ==

    When in doubt, Script it out.

  • 0 in reply to AzRoN

    If on the client you enable trace logging does that help shed some light on the issue?

    For example, under...

    64-bit: hklm\software\wow6432node\sophos\web intelligence\

    32-bit: hklm\software\sophos\web intelligence\

    ...if you create a new DWORD called loglevel and set it to 3.

    Restart the Sophos Web Intelligence service you will get a number of logs.  The one of interest here would be the swisdiag.log under \windows\temp\.  This is the trace log of the swi_service.

    I would suggest once collected you delete the log level DWORD and restart the computer.  After restart remove all swi logs that have been created under: %temp% and \windows\temp\

    Hope it helps,

    Jak

  • 0 in reply to AzRoN

    I am using Chrome and Firefox...I would never use Microsoft's browsers! :-)  Just kidding.  This doesn't appear to be an issue with the browser as I am not getting any policy whatsoever on my endpoint under the endpoint directory:  C:\ProgramData\Sophos\Web Control\Policy.

    Also, there are NO endpoint web filtering logs at all...totally empty.  There ARE web filtering logs for people on my network, but none for the endpoints reporting back.

  • 0 in reply to jak

    I will try this later on and will post my results...thanks!

  • 0 in reply to RickDunsirn

    This is a snippet of the logs I'm getting with the registry key value set to "3" for loglevel.  This seems to repeat over and over.  If there is a better way to show this (or attach it), please let me know!  I do see a failure to register, but again, this is a brand new install on a brand new system with a brand new UTM installation.

    v 16040814384024 swi_service.exe:004108:0009c4 validating index data f702de4d9f8106dde79bf7cb1a2c053dd170525c with signature 456e37b1b3366da33734b7cea06ed3a6abb551b4 [WebControlSync.cpp:313 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814384024 swi_service.exe:004108:0009c4 [SymmetricKey d6 77 2f 3f 42 a7 50 d1 8f a3 d5 d5 7a 32 ea 46 ec be d9 69].decrypt(sha1=32121f191aa858f85633a20bf157c4ddc0efd381) [SophosSymmetricKey.cpp:244 Sophos::SymmetricKey::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 decrypted sha1=af006394ac52ffb2e15e3aef5418c254535825fe [SophosSymmetricKey.cpp:156 Sophos::SymmetricKey::impl::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 Successfully decrypted keyinfo.dat from disk [WebControlCrypto.cpp:301 reginfo::reginfo]
    v 16040814384024 swi_service.exe:004108:0009c4 [Sophos::PublicKey 3c 40 57 81 a0 ea f5 b9 9b eb 61 f8 66 27 ff 78 91 04 12 87].validate(f702de4d9f8106dde79bf7cb1a2c053dd170525c, signature=456e37b1b3366da33734b7cea06ed3a6abb551b4 [SophosPublicKey.cpp:352 Sophos::PublicKey::validate]
    v 16040814384024 swi_service.exe:004108:0009c4 [SymmetricKey d6 77 2f 3f 42 a7 50 d1 8f a3 d5 d5 7a 32 ea 46 ec be d9 69].decrypt(sha1=32121f191aa858f85633a20bf157c4ddc0efd381) [SophosSymmetricKey.cpp:244 Sophos::SymmetricKey::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 decrypted sha1=af006394ac52ffb2e15e3aef5418c254535825fe [SophosSymmetricKey.cpp:156 Sophos::SymmetricKey::impl::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 Successfully decrypted keyinfo.dat from disk [WebControlCrypto.cpp:301 reginfo::reginfo]
    v 16040814384024 swi_service.exe:004108:0009c4 Failed to validate index signature using server key [Sophos::PublicKey 3c 40 57 81 a0 ea f5 b9 9b eb 61 f8 66 27 ff 78 91 04 12 87]. Does the endpoint need to re-register? [WebControlCrypto.cpp:301 reginfo::reginfo]
    e 16040814384024 swi_service.exe:004108:0009c4 Policy: invalid index err:0 [WebControlSync.cpp:1083 WebControlSync::handlePolicyResponse]
    v 16040814384024 swi_service.exe:004108:0009c4 sync failure on primary server: attempting fallback... [WebControlSync.cpp:895 WebControlSync::startFallback]
    v 16040814384024 swi_service.exe:004108:0009c4 [SymmetricKey d6 77 2f 3f 42 a7 50 d1 8f a3 d5 d5 7a 32 ea 46 ec be d9 69].decrypt(sha1=32121f191aa858f85633a20bf157c4ddc0efd381) [SophosSymmetricKey.cpp:244 Sophos::SymmetricKey::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 decrypted sha1=af006394ac52ffb2e15e3aef5418c254535825fe [SophosSymmetricKey.cpp:156 Sophos::SymmetricKey::impl::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 Successfully decrypted keyinfo.dat from disk [WebControlCrypto.cpp:301 reginfo::reginfo]
    v 16040814384024 swi_service.exe:004108:0009c4 fallback URL:e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/ [WebControlSync.cpp:493 WebControlSync::makeUrl]
    v 16040814384024 swi_service.exe:004108:0009c4 Signing X-Sophos-Filter header contents: e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/wdx/policy/index.txt [WebControlSync.cpp:513 WebControlSync::signedFilterHeader]
    v 16040814384024 swi_service.exe:004108:0009c4 [SymmetricKey d6 77 2f 3f 42 a7 50 d1 8f a3 d5 d5 7a 32 ea 46 ec be d9 69].decrypt(sha1=32121f191aa858f85633a20bf157c4ddc0efd381) [SophosSymmetricKey.cpp:244 Sophos::SymmetricKey::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 decrypted sha1=af006394ac52ffb2e15e3aef5418c254535825fe [SophosSymmetricKey.cpp:156 Sophos::SymmetricKey::impl::decrypt]
    v 16040814384024 swi_service.exe:004108:0009c4 Successfully decrypted keyinfo.dat from disk [WebControlCrypto.cpp:301 reginfo::reginfo]
    v 16040814384024 swi_service.exe:004108:0009c4 [SymmetricKey 3b 15 7d 59 3c 1e e2 65 25 ff 69 11 1e 9d 66 f9 1a e7 a2 bc].sign(sha1=dd2294ecea9a85a7f9a2d75640c9933ea515e7b1) [SophosSymmetricKey.cpp:251 Sophos::SymmetricKey::sign]
    v 16040814384024 swi_service.exe:004108:0009c4 signature sha1=3bdb711e168957d1e07f5eecf67e34176263aa4a [SophosSymmetricKey.cpp:174 Sophos::SymmetricKey::impl::sign]
    v 16040814384024 swi_service.exe:004108:0009c4 Signed WDX header: X-Sophos-Filter: 566b1ba59834da6e4d8ad204efe44d8e7e10a873 [e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/wdx/policy/index.txt] [WebControlSync.cpp:543 WebControlSync::signWdxRequestHeaders]
    v 16040814384024 swi_service.exe:004108:0009c4 [PROXY:DIRECT] Policy: GET e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/.../index.txt [WebControlSync.cpp:640 WebControlSync::startPolicy]
    v 16040814384024 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814384025 swi_service.exe:004108:00034c 20160408 143840.259 T0000034c ------ 4 - sxl3_process_timeouts(), request (id=4051) got cleaned up\n [oem-log.cpp:29 oem_log]
    I 16040814384029 swi_service.exe:004108:000f48 20160408 143840.290 T00000f48 ------ 3 - Processing request=172\n [oem-log.cpp:29 oem_log]
    I 16040814384029 swi_service.exe:004108:000f48 20160408 143840.290 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814384029 swi_service.exe:004108:0008e4 20160408 143840.290 T000008e4 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385645 swi_service.exe:004108:0009c4 Policy response: event=3; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385645 swi_service.exe:004108:0009c4 Policy: got 1536 bytes (MORE coming) [WebControlSync.cpp:1069 WebControlSync::handlePolicyResponse]
    v 16040814385645 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814385645 swi_service.exe:004108:000f48 20160408 143856.458 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814385645 swi_service.exe:004108:000ac4 20160408 143856.458 T00000ac4 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385652 swi_service.exe:004108:0009c4 Policy response: event=3; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385652 swi_service.exe:004108:0009c4 Policy: got 1536 bytes (MORE coming) [WebControlSync.cpp:1069 WebControlSync::handlePolicyResponse]
    v 16040814385652 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814385652 swi_service.exe:004108:000f48 20160408 143856.520 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814385652 swi_service.exe:004108:001290 20160408 143856.520 T00001290 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385655 swi_service.exe:004108:0009c4 Policy response: event=3; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385655 swi_service.exe:004108:0009c4 Policy: got 1536 bytes (MORE coming) [WebControlSync.cpp:1069 WebControlSync::handlePolicyResponse]
    v 16040814385655 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814385658 swi_service.exe:004108:000f48 20160408 143856.583 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814385658 swi_service.exe:004108:000268 20160408 143856.583 T00000268 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385658 swi_service.exe:004108:0009c4 Policy response: event=3; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385658 swi_service.exe:004108:0009c4 Policy: got 1536 bytes (MORE coming) [WebControlSync.cpp:1069 WebControlSync::handlePolicyResponse]
    v 16040814385658 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814385664 swi_service.exe:004108:000f48 20160408 143856.645 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814385664 swi_service.exe:004108:000f30 20160408 143856.645 T00000f30 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385669 swi_service.exe:004108:0009c4 Policy response: event=3; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385669 swi_service.exe:004108:0009c4 Policy: got 1536 bytes (MORE coming) [WebControlSync.cpp:1069 WebControlSync::handlePolicyResponse]
    v 16040814385669 swi_service.exe:004108:0009c4 Resetting failure count and fallback timer. [WebControlSync.cpp:829 WebControlSync::httpEventCallback]
    I 16040814385669 swi_service.exe:004108:000f48 20160408 143856.692 T00000f48 ------ 3 - Queueing request 172\n [oem-log.cpp:29 oem_log]
    I 16040814385669 swi_service.exe:004108:001014 20160408 143856.692 T00001014 ------ 3 - Processing request=172, 00AE92B0\n [oem-log.cpp:29 oem_log]
    v 16040814385678 swi_service.exe:004108:0009c4 Policy response: event=4; status=200 [WebControlSync.cpp:1058 WebControlSync::handlePolicyResponse]
    v 16040814385678 swi_service.exe:004108:0009c4 parsing index file with sha1 checksum: 076c50fccafedc196ca4668ed67f1e062414a57c [WebControlSync.cpp:300 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4 index without signature: version 1\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^fragment 5432 a47365055413f5c02917c898ddad1b7ff99805e0\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^fragment 2872 8d0de0b9da4aada591492f0e001c3a02acc4c5a9\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^fragment 1768 7613757c39af5003b60f78ba60f22a21da3bc062\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^fragment 5480 00b7b24969a2cc7d7142f8fb09eecceb46648114\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^fragment 88 5910cb604ca198b708e526d1dde410d509db7092\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^magic 8466 4915373adbd1c29a6464f2d1e5f09f5d59ca64e8\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 248 4e9558c69ab540791e3dc66c2fd747af9a2b298d footer_center.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1864 6ea4e86b6048812f2fdbcf9988b2dcb0282710f7 spinner.gif\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 456 27aaee7c1ccd0e2da2c0e257e34192dfcddc74b3 dir.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 2040 d07d686087df977f0705a920608fcd4027db7f39 quotaing.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 440 6cb6af086eced30399365c7beb8148ed6cf839be topbar_left.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 33544 a8b8ae3a1e73215e99ac16846bf8ed203a7a86f3 progress_bar.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 72 7ef72cbb0804e633262e6aae780ef0b7c50dd266 spacer.gif\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 264 e7e7f3842711e8090cf0e28267578048b2734813 fieldset_left.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 328 488e34cababa0043905f3eee14b4a3a7a560cdb1 button_left.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 4232 c28006ac05b54f50a55d4bda943b290e9a634e42 background.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 264 54c0b33446d6c036bcb66da0620946f91adb2b3b fieldset_right.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1416 515cd803c8a7ad3e433a4e05f7e9450bd3544c0e logo.gif\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 248 e9118ebd1aa78f4149d1b2d843cb05afc6b4bdc1 button_center.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1048 15d470edd84d4b27e396f209df4c98384108c309 download.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 2072 6aa58b17f17ae89ddbbae28ba7ab9ffdc9c1a67b footer_left.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 408 95563204de3cfb130ba074ffe6e9932a188278eb topbar_right.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 4216 913419ff5e6656bc9fae0bfa4638f3b93e02078c logo.jpg\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 4216 913419ff5e6656bc9fae0bfa4638f3b93e02078c astaro-logo.jpg\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 104 2d753ff7186c4905fde674da6a753a3d194e74fb blank1x1.gif\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1656 e437c16cf10ba865326ab560a7d637991980d4db logo.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 984 baf29225866bda97620c5e091e5ed0ef6e03a11e login_button.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1240 8f203b5681598ceed3095a01cec50478b4fb7398 warning2.gif\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 312 5b6cae7707c73055dece97e64e6749e87ecde8e1 button_right.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 536 579b9fcde14834782983202e76ba19242bbdcadf up.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 536 ad0b2d9ca79bd12eec57591e70058f387470a580 file.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 248 19e7abcc234a9d4700b1bd35291fb3de1e2ecac8 topbar.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 600 813e102befb4fba4cda4096e765f4f87bb3f6625 symlink.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 344 0297b0e44d2904461453343c57ac412c90ee82fb footer_right.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 1080 0eee6251dac76988fdffabb4b35001142522fe86 warning.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^swa_image 312 8e22b5820db79a9098a72c9547a8a9eab83eeb4b fieldset_center.png\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^sxlconfig 88 3e0fa0e0e9af0a1a7ca77f8491a5fc6507eb9ab1\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 30da0d9a70609b4b08e905876c46e7b510acbeeb filetype_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3912 24159b792f9a1324781ea5e2a563778f9491fec9 filetypewarn_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 5c9eb307310e79b4525535709a945c53c8b5cca1 malware_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 fa882ee16ef912f563e2902b820bc497118c3fcd blocklist_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3672 e4575cb5119fa2841637a8fecc2ecbb90063a335 policy_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3896 72bdeaf501e7b899310d6afa8ef48019b4f04ae9 warn_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3656 a1bdb86ff2f56f821f7fba251fbf54f548cb6981 service_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3640 4697aed8417610fe84a5e5e87f99b9589cfb4916 urlblacklist_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_cn.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_de.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_en.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_es.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_fr.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_it.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_ja.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]
    v 16040814385678 swi_service.exe:004108:0009c4^template 3864 bb5955006d5db27d72187373921ce875c61404d4 urlblacklistwarn_tw.html\r\n [WebControlSync.cpp:309 WebControlSync::verifyAndStripSignatureFromIndexFile]

  • 0 in reply to RickDunsirn

    Maybe, have the problem in the Sophos Agent ...

  • 0 in reply to RickDunsirn

    Based on the log lines:

    v 16040814384024 swi_service.exe:004108:0009c4 Failed to validate index signature using server key [Sophos::PublicKey 3c 40 57 81 a0 ea f5 b9 9b eb 61 f8 66 27 ff 78 91 04 12 87]. Does the endpoint need to re-register? [WebControlCrypto.cpp:301 reginfo::reginfo]
    e 16040814384024 swi_service.exe:004108:0009c4 Policy: invalid index err:0 

    It would suggest that the endpoint is downloading (in your case) the following index file:
    http://e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/wdx/policy/index.txt 

    It is then attempting to validate the signature and not being able to.  As a result the index file is deemed to be invalid so it will not progress to downloading the policy fragments.

    I can only think that either:

    1. The file is being corrupted on download by swi_service.exe.

    2. The endpoint is getting unexpected signature data.

    As the index file contains hashes of the policy fragments, an update to the policy would generate a new index file so that might be worth while.

    I've taken a quick look on a UTM at: 

    /var/epsecd/etc/eplog.conf

    and I see:

    private_key = /var/epsecd/resources/client.pem
    certificate = /var/epsecd/resources/client.crt
    ca_certificate = /var/epsecd/resources/aws.ca.crt
    sc_ini = /var/chroot-http/etc/sc.ini

    so under: /var/epsecd/resources/ we see:

    aws.ca.crt  client.crt  client.pem  postgresql  templates

    Note: Adding customer resources via the web interface (Management - Customisation - Web Templates /images) go to:

    /var/epsecd/resources/templates/[xxxxxxxxxx]/static/custom/

    So these would also be part of the index. For example with a custom file the index would have at the top of the fragment list:

    version 1

    custom_image 85864 cad136604af290b9fd9682f4139e7d87a4eb49e9 Sophos-icon.png

    where Sophos-icon.png is a custom file, the size and checksum are also listed.

    I wonder if cross referencing the endpoint trace logs with the info in the above certificates and the files on the endpoints under: "C:\ProgramData\Sophos\Web Control\Keys\" the problem could be understood.

    Failing which maybe try adding a custom resource to force a new index, then check your index file by just downloading it in a browser by adding /wdx/policy/index.txt to URL based on your appliance ID.  This can be found in the endpoint registry under: HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Web Intelligence\Web Control\PolicyURL. Finally restart the Sophos Web intelligence service on a client to force a new sync.

    Regards,

    Jak

Unfiltered HTML