https://community.sophos.com/utm-firewall/f/management-networking-logging-and-reporting/131793/ips-alerts---sid-57103---sophosupdate-exe-processHello guys, I&#39;m receiving a lot of IPS alerts with SID 57103 for diferent destination IPs. 2021:12:17-10:29:11 sg-alpex snort[25704]: id=&quot;2101&quot; severity=&quot;warn&quot; sys=&quot;SecureNet&quot; sub=&quot;ips&quot; name=&quot;Intrusion protection alert&quot; action=&quot;drop&quot; reason=&quot;OS-WINDOWSen-USTelligent Community 12https://community.sophos.com/thread/485318?ContentTypeID=1Wed, 29 Dec 2021 15:11:04 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:e506f06e-d8f3-4aff-b425-99f30035174eFabio Canabarro<p>Hello,&nbsp;</p> <p>After enabling update via HTTPS the alerts stopped, thanks!</p><div style="clear:both;"></div>https://community.sophos.com/thread/484934?ContentTypeID=1Tue, 21 Dec 2021 14:38:25 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:2277fc15-d63c-4cb7-aa2a-98a9ea1d9815Fabio Canabarro<p>Hi, thanks for the reply!</p> <p>I&#39;m testing the update change to HTTPS on these customers, but in parallel I&#39;ll trigger Sophos support as suggested. Having an answer from them I share with you.</p> <p>Thanks again</p><div style="clear:both;"></div>https://community.sophos.com/thread/484933?ContentTypeID=1Tue, 21 Dec 2021 14:31:40 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:c485cea4-4434-4717-b54b-ac06380b914fFabio Canabarro<p>I found in Sophos Central where to change the update option to HTTPS, in fact in this client it was set to HTTP. I changed it to HTTPS and I will monitor if IPS alerts stop.</p> <p></p> <p>Before:</p> <p><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/53/pastedimage1640096680259v1.png" alt=" " /></p> <p>After:</p> <p><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/53/pastedimage1640097048763v2.png" alt=" " /></p> <p>I will monitor and report the result.</p> <p>Thanks!</p><div style="clear:both;"></div>https://community.sophos.com/thread/484932?ContentTypeID=1Tue, 21 Dec 2021 14:14:48 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:78c299bb-1bac-4143-a9d9-e442e90a1f10Fabio Canabarro<p>Hello, thanks for the reply!</p> <p>I checked the file you indicated, precisely in the UTM where I have these IPS alerts the UseHttps parameter is set to <strong>zero</strong>:</p> <p><em>UseHttps=0</em></p> <p>In other environments (completely separate Sophos Central and UTM customer) this option is set to 1.</p> <p>Do you know if this option is adjustable from Sophos Central? In the <strong>iconn.cfg</strong> file there is an indication not to edit it directly, I don&#39;t know if doing this will impact the endpoints.</p><div style="clear:both;"></div>https://community.sophos.com/thread/484881?ContentTypeID=1Mon, 20 Dec 2021 20:42:47 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:0368d43a-549a-48fa-a6b4-c83546567e63Sophos User930<p>Out of interest, if you open:</p> <p>C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg</p> <p>What is UseHttps set to?</p><div style="clear:both;"></div>https://community.sophos.com/thread/484849?ContentTypeID=1Mon, 20 Dec 2021 14:25:27 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b88a7ae5-e675-4322-bef8-93fae6505b8aBAlfson<p>Ol&aacute; Fabio and welcome to the UTM Community!</p> <p>Excellent and thorough explanation of the situation.&nbsp; I think this needs to have someone look at it - probably a 2nd- or 3rd-level engineer at Sophos Support as it involves both UTM and Intercept X.&nbsp; Please share with us what they conclude.</p> <p>Cheers - Bob</p><div style="clear:both;"></div>