Browsing the packages I get the error shown in the picture below.
I have allowed the bypass of web protection with the following filtering options that work.
I don't see anymore the nuget.org and msecnd.net calls.
Checking the web filtering log (the complete is at the end of this page) I see:
2017:08:23-10:42:14 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdfae1600" function="connect_server" file="dns.c" line="1270" message="connect() on AF 2 socket to 93.184.221.200 failed: Network is unreachable"
Also, some times, I see:
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdc6d9600" function="ssl_raw_read" file="ssl.c" line="772" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
Google search for "sophos connect() on AF 2 socket" didn't return any solution.
Google search for sophos nuget.org returned a reference to Trojan.
No virus found scanning all computer with sophos virus removal tool.
I have dony many, many other search with no luck.
Any Idea ?
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="23.205.188.204" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="607" request="0xdc35b000" url="cdn.odc.officeapps.live.com/.../sharepoint_16_1.png" referer="" error="" authtime="0" dnstime="1220964" cattime="4651" avscantime="1178" fullreqtime="1486345" device="0" auth="0" ua="Microsoft Office/15.0 (Windows NT 10.0; Microsoft Visio 15.0.4953; Pro)" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" application="office" app-id="1156" sandbox="-" content-type="image/png"
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdc6d9600" function="ssl_raw_read" file="ssl.c" line="772" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="23.205.188.204" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="705" request="0xdf6baa00" url="cdn.odc.officeapps.live.com/.../xml referer="" error="" authtime="0" dnstime="1206399" cattime="105" avscantime="2452" fullreqtime="1480332" device="0" auth="0" ua="Microsoft Office/15.0 (Windows NT 10.0; Microsoft Visio 15.0.4953; Pro)" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" application="office" app-id="1156" sandbox="-" content-type="text/xml"
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="23.205.188.204" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="607" request="0xdf586000" url="cdn.odc.officeapps.live.com/.../sharepoint_16_1.png" referer="" error="" authtime="0" dnstime="1221832" cattime="736" avscantime="1954" fullreqtime="1634883" device="0" auth="0" ua="Microsoft Office/15.0 (Windows NT 10.0; Microsoft Visio 15.0.4953; Pro)" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" application="office" app-id="1156" sandbox="-" content-type="image/png"
2017:08:23-10:31:49 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdf586000" function="ssl_raw_read" file="ssl.c" line="772" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2017:08:23-10:33:05 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.132" dstip="65.55.44.109" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7730" request="0xdfae1600" url="vortex.data.microsoft.com/" referer="" error="" authtime="0" dnstime="19711" cattime="391" avscantime="0" fullreqtime="110358640" device="0" auth="0" ua="" exceptions="av,sandbox,ssl,fileextension,size"
2017:08:23-10:36:03 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="13.107.4.52" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="22" request="0xdf772c00" url="www.msftconnecttest.com/connecttest.txt" referer="" error="" authtime="0" dnstime="3615721" cattime="1060176" avscantime="8365" fullreqtime="4811075" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" sandbox="-" content-type="text/plain"
2017:08:23-10:36:59 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="2.16.13.93" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1086" request="0xdc359200" url="cdn.onenote.net/.../ referer="" error="" authtime="0" dnstime="35873" cattime="215" avscantime="4218" fullreqtime="147562" device="0" auth="0" ua="Microsoft-WNS/10.0" exceptions="" category="105" reputation="trusted" categoryname="Business" application="office" app-id="1156" sandbox="-" content-type="text/xml"
2017:08:23-10:38:07 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.101.132" dstip="216.58.205.227" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xdf774400" url="clientservices.googleapis.com/.../seed referer="" error="" authtime="0" dnstime="3453" cattime="216" avscantime="0" fullreqtime="1235542" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googapis" app-id="176"
2017:08:23-10:40:06 serestsophos httpproxy[9828]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.101.132" dstip="65.55.44.109" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="11986" request="0xdb7c5000" url="vortex.data.microsoft.com/" referer="" error="" authtime="0" dnstime="30367" cattime="387" avscantime="0" fullreqtime="230936532" device="0" auth="0" ua="" exceptions="av,sandbox,ssl,fileextension,size"
2017:08:23-10:42:14 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdfae1600" function="connect_server" file="dns.c" line="1270" message="connect() on AF 2 socket to 93.184.221.200 failed: Network is unreachable"
2017:08:23-10:42:14 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdf858600" function="connect_server" file="dns.c" line="1270" message="connect() on AF 2 socket to 93.184.221.200 failed: Network is unreachable"
2017:08:23-10:42:14 serestsophos httpproxy[9828]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdb7c3e00" function="connect_server" file="dns.c" line="1270" message="connect() on AF 2 socket to 93.184.221.200 failed: Network is unreachable"
This thread was automatically locked due to age.