Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Admin Rich Baldry (Product Owner, Web Protection, Sophos Features & Ideas Laboratory)

My feedback

  1. 7 votes
    2 comments  ·  XG Firewall » Web Protection

    Have you tried using a Custom Category instead of an Exception for this purpose? You can use the YouTube video ID as a keyword in a Custom Category. You can import lists of keywords from a text file. You can then make a web policy rule that allows that Custom Category and place it before the rule that blocks YouTube.

  2. 5 votes
    1 comment  ·  XG Firewall » Application Control

    XG Firewall provides a number of enhancements that help in dealing with proxies like Psiphon, including Synchronized App Control, which can identify traffic based on the desktop application that it originates from. Consider upgrading to XG Firewall.

  3. 5 votes
    1 comment  ·  XG Firewall » Web Protection

    It is not clear what behaviour you want in XG from this post or what problem you are trying to solve.

  4. 28 votes
    5 comments  ·  XG Firewall » Web Protection

    In version 17.1 we introduced an option in the Firewall rule that allows you to quickly block QUIC traffic, which forces browsers to revert to regular HTTP.

    Our recommended solution for this right now is to block QUIC in the firewall. This can be done by adding a rule that blocks outbound connections to UDP ports 80 and 443. Browsers will automatically fall back to using regular HTTP/HTTPS.

    In the short term, we plan to add a feature to make this blocking simpler to implement.

    In the longer term we will investigate providing direct support to enable full Web Protection for the QUIC protocol.

  5. 2 votes
    1 comment  ·  SG UTM » Wireless Protection

    I hope I have translated your request correctly.

    We are planning a separate update soon after the release of v9.6 that will allow SafeSearch enforcement even without HTTPS decryption, which is why I did not mention that in particular.

  6. 88 votes
    13 comments  ·  XG Firewall » Web Protection

    @Jeremy, do you believe we need to do anything special to enable that? My understanding is that if you are logged-in as a user of a GSuite domain that has approved a video or a channel, it will work even though restricted mode is enforced.

  7. 44 votes
    13 comments  ·  XG Firewall » Network Protection

    Thanks for your idea. I'd like to ask a few questions to help understand the requirement.

    1. Which of those lists do you find most useful for the different situations?
    2. Do you have more specifics about why you think Sophos's ATP is prone to false positives? This comment also implies that you've found community blacklists to be more reliable? Do you have data to back that up? Or is it simply that you're looking to use lists that are beyond the scope of ATP?
    3. You filed this request against Web protection. Are you looking just to block Web traffic with these blacklists? Or do you really want to use the lists to block traffic to specific IP addresses or ranges at the Firewall level?

    Note also that Custom Categories under Web Protection provides some abilities to consume blacklists in the right format. This would normally be a URL/Hostname based format rather than IP blacklists.

  8. 1 vote
    1 comment  ·  SG UTM

    Can you provide a bit more information about what problem you're trying to solve here? If you're trying to control web access, you can tag URLs/FQDNs in the Websites list under Web Protection and manage access with a Web Policy.

  9. 97 votes
    12 comments  ·  XG Firewall » Web Protection

    It's currently slated for v17.3.

  10. 32 votes
    12 comments  ·  XG Firewall » Web Protection

    Great points. Thanks for the feedback. We'll certainly take it into account and keep brainstorming on how best to provide this kind of feedback when it can't be delivered directly in the browser.

    Have you tried running with virus protection in Batch mode? It does provide the notifications when malware is found. You may find that the difference in behaviour is not too noticeable.

    As Michael points out, because real-time mode starts sending the file content before the decision is made to block, the browser would mostly fail to recognise or render an HTML block message if we sent it after the aborted file content.

    If there was another, out-of-band method for sending such notifications, do you think it would be useful? For example, a message displayed on the Windows desktop via the Authentication Agent, or maybe using a browser add-on?

  11. 2 votes
    2 comments  ·  XG Firewall » Web Protection

    Are you suggesting that we produce an endpoint client software on Windows (and Mac) that can synchronize web policies with XG Firewall and enforce them even when the endpoint machine is taken away from the corporate network?

  12. 32 votes
    5 comments  ·  XG Firewall » Web Protection

    You can put a custom logo in the top of the page and also underneath the text in the page.

    There is another feature request already open for complete customization of block pages. If you're looking for something beyond the logo customization that's already possible, I suggest you vote for this one.

    https://ideas.sophos.com/admin/v3/suggestions/18786781/activity

  13. 1 vote
    1 comment  ·  SG UTM » Web Protection

    Can you give more detail about why they want to do this? It will have no impact on product behaviour.

  14. 23 votes
    4 comments  ·  SG UTM » Web Protection

    We have QUIC on our radar and are monitoring the business priority of implementing full filtering for this.

    For the SG UTM, it is of course possible to create a specific firewall rule that blocks outbound traffic on UDP ports 443 and 80. This has the effect of forcing QUIC-capable browsers to revert to HTTPS. We have not yet come across any situations where this impacts the availability of web sites or services.

    We are adding a feature in version 17.1 of XG Firewall where you can specify in a firewall rule that QUIC traffic should be blocked.

  15. 16 votes
    8 comments  ·  Endpoint Protection » Web Security/Control

    This is a tricky area to navigate. We will certainly look at this in the near future, but here is some context:

    When the browser initiates a normal HTTP web request, we can intercept that request and substitute the HTML of a block page. Because HTTP has no security or connection validation, the browser just displays that HTML and the user sees a block page.

    When the browser initiates an HTTPS request, we see an SSL/TLS handshake packet and make the decision to block based on that. The browser is expecting to receive a server TLS response. If we try to respond with HTML, it will drop the content and not display it. The only way to get the browser to display a block page is for us to pretend to be the server that you were connecting to, complete the TLS tunnel and send the HTML page through that. But that can cause other problems, such as security or certificate alerts popping up in the browser before the message is seen, which can be alarming to end-users.

    In the past, Sophos Endpoint would use desktop popup messages to indicate when an HTTPS connection had been blocked. But this caused a lot of complaints, particularly because it would be visible even for blocking 'background' HTTPS connections like advertising or other issues which would have been invisible had they been HTTP.

  16. 13 votes
    6 comments  ·  XG Firewall » Web Protection

    @Suresh - I suggest you submit a separate feature request for this.

  17. 18 votes
    1 comment  ·  XG Firewall » Web Protection

    Removing the file size limit risks opening up the device to significant performance hits. Large files take a lot of effort to scan, especially as they tend to be archives or installers with a large number of individual elements inside.

    A web gateway or firewall works best when used as a tool for blocking active attacks, not a way to sanitize large archives or ISO images that may have stored malware lurking on them.

    There are two main ways malware scanning prevents active malware attacks. First, by scanning web content that gets executed in the browser before any malware protection on the Endpoint gets to see it. We can detect and block malicious javascript, flash and other active web content. Second, by blocking the binary payloads that are delivered as part of a malware attack. But active malware attacks do not use large payload files. Large payloads take longer to download and are more likely to be noticed.

    Large file downloads should be scanned when they are stored and decompressed/extracted on endpoint devices. Endpoint protection will prevent any malware found there from executing.

  18. 15 votes
    1 comment  ·  XG Firewall » Application Detection Requests

    Is this still causing issues? FaceTime is definitely on the list of supported apps. If you think it's not being identified correctly, perhaps try contacting support.

  19. 5 votes
    1 comment  ·  XG Firewall » Application Control

    Neat idea! We can't tell which endpoint app from simply looking at the connection, but with Synchronized App Control we can find out directly from the source.

  20. 5 votes
    1 comment  ·  XG Firewall » Application Control

    The problem with Web-based authentication is that we can challenge the user to login, but it is impossible to tell when they log out. The timeout is required to ensure that user sessions from different users at the same machine don't roll into each other.

    It would help us understand the requirement if you could provide a bit more detail about the authentication method you're using. Is it NTLM authentication (where the browser sends the user's login credentials behind the scenes), Captive Portal (where a web page is shown for the user to enter their username and password) or are you using STAS (where you install an agent on the AD server and monitor login/logout events directly)?
