
9.402-7 Buggy update? I'm having two issues

The first issue was that my IPS was blocking web access to my wife's online university.  I was able to track this down to an active IPS signature that Emerging Threats had already deleted but for some reason Sophos was still using.  

The second issue I am having is I am getting a "Malicious Content Blocked" when I am trying to download a file via web browser.  It says:

  • The requested location contains malicious content, identified as <whatever classification> and was blocked from downloading.
  • Return to the page you were previously viewing.

However, I have Sophos web protection enabled only on a different network segment.  I also disabled it completely and am still seeing the same behavior.  I also have endpoint protection completely disabled.

Is Sophos FORCING protection upon me that I don't want?  How do I disable this?  Why isn't it excluding this traffic from web protection (which I completely disabled to test if it was being applied to the wrong network now)?  On my dashboard page ONLY Firewall, IPS and Remote Access are turned on.  



  • My suspicion is that it is Endpoint that is blocking you and not the UTM.

    You can confirm by taking a laptop home or to an internet cafe.  Assuming you have the rights, try loading the Endpoint UI then Configure, Web Control.  Turn it off and see if that solves it.

    Endpoint has "Web Protection" even if "managed Web Control" is off.  It is intended for customers who purchase Endpoint and who don't have a UTM/SWA to give them granular web control.  The naming is confusing, I'm not even sure of it offhand.  If you have a SEC managed endpoint, look at your settings in SEC.  If it is a UTM managed endpoint...  I'm not sure how to control it, it's out of my experience.

  • I appreciate the reply, but I'm not familiar with Endpoint.  It's always been disabled in my UTM Admin interface and I haven't installed an endpoint software/client on my machine.  HOWEVER, you got me thinking.  I *DO* use Sophos Anti-Virus (free Mac version) and sure enough - The Web Protection was on (either it was turned on in an update or I'd never triggered it before).  Temporarily disabling that let me download the file.  "Sophos Web protection" becomes a vague term when you use both the UTM and the A/V Home edition.  It seems the A/V client was hijacking my browser and it wasn't the UTM.