Sophos Web

Posted By admin  On 02.05.21



Sophos Web Protection provides enhanced protection against web threats. It includes the following features:

  1. Sophos Web Filtering
  2. Sophos Web Intelligence
WebsiteSophos Web

The Web protection feature is part of Sophos Anti-Virus and is included with all Sophos Central licenses that include this product. This feature is designed to prevent threats from reaching the web browser. Web control is an additional feature available in the following licenses: Sophos Central Endpoint Protection Advanced. Sophos UTM is an excellent secure web gateway capable of filtering and cleaning web traffic, but it also has a special trick when it comes to protecting endpoint computers both on and off premises. Sophos started out as an anti-virus company, providing endpoint protection for Windows systems. Live URL filtering blocks access to websites that are known to host malware. This feature works by performing a real-time lookup against Sophos's online database of infected websites. When access to a malicious website is blocked, the event is recorded in the scanning log. The Sophos Web Appliance is designed to function as a web proxy that provides HTTP security at the gateway. Potentially risky content is scanned for various forms of malware. URL requests are compared to the Sophos site list, in which sites are assigned a risk class and a site category.

  • Live URL filtering
  • Scanning of downloaded content
  • Checking of the reputation of downloaded files

Live URL filtering

Live URL filtering blocks access to websites that are known to host malware. This feature works by performing a real-time lookup against Sophos's online database of infected websites.

When access to a malicious website is blocked, the event is recorded in the scanning log. For information about viewing the scanning log, see View the scanning log.

Sophos Web Filtering

Content scanning

Content scanning scans data and files downloaded from the internet (or intranet) and proactively detects malicious content. This feature scans content hosted at any location, including locations not listed in the database of infected websites.

Download reputation

Download reputation is calculated based on the file's age, source, prevalence, deep content analysis and other characteristics.

Note Download reputation is supported only on Windows 7 and later.

By default, an alert will be displayed when a file with low or unknown reputation is downloaded. We recommend that you do not download such files. If you trust the file's source and publisher, you can choose to download the file. Your action and the file's URL will be recorded in the scanning log.

Note Download reputation is calculated based on the data in the SophosLabs' in-the-cloud database and requires Sophos Live Protection to be enabled in order to perform lookups and obtain the data. (By default, Sophos Live Protection is enabled.)

For more information about download reputation, see knowledgebase article 121319.

Web protection configuration settings

Provideo driver. Subler 1.5 ton. By default, web protection is enabled: access to malicious websites is blocked, downloaded content is scanned and the reputation of downloaded files is checked.

Vlc catalina

Web

For more information about the web protection settings and how to change them, see Configure Sophos Web Protection.

Supported web browsers

Web protection is supported on the following web browsers:

  • Internet Explorer
  • Edge
  • Google Chrome
  • Firefox (except for download reputation)
  • Safari (except for download reputation)
  • Opera

Web content accessed via an unsupported browser is not filtered and will not be blocked.

Note If a management console is used to administer Sophos Endpoint Security and Control on this computer, it may override any changes you make here.

Sophos Web Intelligence

To change Sophos Web Protection settings:

  1. Click Home > Anti-virus and HIPS > Configure anti-virus and HIPS > Configure > Web protection.
  2. To block or unblock access to malicious websites, next to Block access to malicious websites, select On or Off. This option is enabled by default.
    For information on how to authorize a website that is classified as malicious, see Authorize a website for use.
  3. To enable or disable scanning of downloaded data and files, next to Content scanning, select As on-access scanning, On, or Off.
    By default, As on-access scanning is selected, that is, content scanning is disabled or enabled simultaneously with on-access scanning.
  4. To change what happens when a file with low or unknown reputation is downloaded, under Download reputation, next to Action, select either Prompt user (default) or Log only.
    • If you select Prompt user, every time a low reputation file is downloaded, an alert will be displayed, informing about this and asking whether to block or allow the download. We recommend that you do not download such files. If you trust the file's source and publisher, you can choose to download the file. The choice to block or allow the download and the file's URL will be recorded in the scanning log.
    • If you select Log only, no alert will be displayed; the download will be allowed and recorded in the scanning log.
  5. To choose how rigorous you want reputation scanning to be, next to Threshold, select Recommended (default) or Strict.
    • If you select Recommended, an alert will be displayed and/or a log record created every time a file with low or unknown reputation is downloaded.
    • If you select Strict, an alert will be displayed and/or a log record created every time a file with low, unknown, or medium reputation is downloaded.

For more information about download reputation, see knowledgebase article 121319.

Sophos

For information about viewing the scanning log, see View the scanning log.