Hi Jak; because the event viewer is presenting such strange behaviour, I thought I would use the Windows "Problem Steps Recorder". I have attached it here. No, I haven't... size limit of 1024kb. Here is a Dropbox link: https://www.dropbox.com/s/u54ikaafssrcxes/Admin%20events%20Kerneltracing-event%20and%20SAVOnAccess%20weirdness.zip?dl=0 What's going on is a little hard to explain via capturing the events themselves (as text). It's how the Admin Events behave... which is puzzling.
↧
Forum Post: RE: Some Sophos services are not running/missing
↧
Forum Post: RE: BitLocker Could not be enabled. WIN10Pro Build 1709 SGN8
Hi Derek, We are having the SAME EXACT issue here where I work. We're actually considering removing C/R from our build process altogether. However, we are somewhat nervous about the potential decrease in overall security that this move may introduce. I'm very curious to hear yours and Michael's take on this. Thank you, Dave
↧
Forum Post: RE: Windows update on secondary / backup link
I was sure it was more than just *.microsoft.com. I just found an article, https://support.microsoft.com/en-au/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p, which states the following addresses:

update.microsoft.com
*.update.microsoft.com
download.windowsupdate.com
*.download.windowsupdate.com
download.microsoft.com
*.download.microsoft.com
windowsupdate.com
*.windowsupdate.com
ntservicepack.microsoft.com
wustat.windows.com
login.live.com (this is required if you have connected a Microsoft Account)
mp.microsoft.com
*.mp.microsoft.com

I'll add these to a host group and see how we go from there... I was hoping Sophos or Cyberoam may have a pre-configuration that may assist with this, but it would appear not. Thanks for the assistance, Ian.
↧
Forum Post: RE: Sophos Central Partner Dashboard Unreachable
Hey Community, This is a known issue that has been observed infrequently. Development is aware and working on this. In the meantime, please access the Central Partner Dashboard via https://cloud.sophos.com/manage/partner instead. Thanks, FloSupport | Community Support Engineer
↧
Forum Post: RE: SMTP Relay Naming Issue
I'm the OP and have not spent any more time trying to find a more elegant solution to the problem, but it's easy enough to avoid. The key is that you cannot use the same SMTP host name for both Zimbra and the UTM. For example, you cannot use mail.xyzcompany.com for both Zimbra and the UTM. However, you can use xyzcompany.local for Zimbra and mail.xyzcompany.com for the UTM. I've been running this way for years, but I'm about due for a new mail server and I plan to look for a different method, such as modifying the SMTP headers in Zimbra. Note that when using a fictitious domain name such as .xyzcompany.local in Zimbra, it's the primary domain, and your real domain such as xyzcompany.com is a secondary domain. So when setting up Zimbra, make believe that it's xyzcompany.local, then add your real domain such as xyzcompany.com as an additional domain. If using UTM 9, then go to Email Protection - SMTP - Advanced, and then scroll down to the Advanced Settings area. For SMTP hostname use your real hostname, such as mail.xyzcompany.com. If you are using XG, then I don't have a clue how to configure it. Don't forget to set RDNS to match whatever you put in the UTM. My reason for modifying Zimbra rather than the UTM host name is that RDNS was already set and I didn't want to change it, but it could be done the other way around as well.
↧
Forum Post: RE: Some Sophos services are not running/missing
Hi, This is the best I can provide based on the error from the on-access driver. community.sophos.com/.../110320 The event ID about third party DLLs being loaded is fine. That is Sophos detours DLL being loaded by being in the appinit key. Regards, Jak
↧
Forum Post: RE: AV Scanning
Thanks for the detailed reply.
↧
Forum Post: Manage Deploy Device
Is there any software where I can manage all of the deploy devices with Sophos by sending notifications of which deploy devices have Sophos, have up-to-date Sophos, and do not have Sophos installed?
↧
Forum Post: [Fresh from the Press: Latest KB's] Sophos XG Firewall: Licensing Guide
Hey Community, Licensing is used to enable various features on the Sophos XG Firewall (SF) and the same general principles apply regardless of whether the license is for a hardware firewall or a virtual/software firewall. Certain Cyberoam iA / NG and Sophos SG appliances can also run the XG Firewall operating system. This helpful guide provides an overview of the licensing model and then answers some common use questions. Best, FloSupport | Community Support Engineer
↧
Forum Post: RE: I am not receiving the confirmation email.
Hey QC, I believe it is the Sophos Home. I have had the email resent multiple times already. The only thing I can think of now is maybe it's on my end of the email. I'm using an @icloud.com email address. I'm thinking maybe it's in the privacy settings possibly not allowing the email to come thru. Thanks for the speedy reply.
↧
Forum Post: RE: Anyone seen MR6?
I can confirm that I am seeing it when I log in to my XG (Home License). I think I am going to wait for a few others to report on how it goes before pulling the trigger. -Ron
↧
Forum Post: RE: Anyone seen MR6?
Have installed MR6, and so far the IPSEC dropouts have stopped! So I hope it stays that way :-) Will return if anything changes. (Remember with XG you can roll back to the previous firmware with a "click" ;) )
↧
Forum Post: RE: blocking snapchat/instagram p0rn
Hi Peter and welcome to the UTM Community! The only way to block p0rn selectively is to have the traffic transit Web Filtering. If you need to handle ports other than HTTP/S, I would put the Default Profile in Transparent and really lock it down and then create a Web Filtering Profile in Standard where the Proxy can enforce filtering rules on HTML accesses using ports other than TCP 80/443. I think you have to ban apps that can bypass Web Filtering. You might start looking here with a Google on: site:community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control school Cheers - Bob
↧
Forum Post: RE: how to stop SMTP Open Relay
Hi Satya, This is the UTM Community - you will want to post your question in the XG Community instead. Cheers - Bob
↧
Forum Post: RE: RED Performance over WAN / IPSec performance over WAN
Hallo Bernd, What, if anything, do you learn if you do #1 in Rulz? Have you made appropriate Exceptions for Intrusion Prevention (Snort)? Cheers - Bob
↧
Forum Post: RE: SNAT For Radius via IPsec
We would need to know the definition of the VPN tunnel and the IPs of the source and destination addresses. Obfuscate like 172.21.X.0/24:215.X.Y.12 54.X.Y.73:10.X.Y.0/22. Cheers - Bob
↧
Forum Post: RE: Sophos Secure Mail not opening on iOS devices.
Hello Kevin, Your issue has been escalated to our development team with the reference number below. Issues are prioritised based on severity and customer impact. Development reference number: SSEIOS-277 Current Status: Escalated to Development Issue type: Investigation This ticket is already under development with another customer so we're hoping to have this resolved soon. I'll let you know on Friday if I hear anything more.
↧
Forum Post: RE: UTM 9.508-10: Recipient varification with Active Directory still not working?
Been on 9.508 since soft release, also have no problems, but run normal LDAP without LDAPS.
↧
Forum Post: RE: Using Web Filtering, unable to stream Amazon on Roku
Just wanted to chime in that I have the exact same issue and haven't been able to resolve it without adding the Roku to the skip list as you mentioned. Hopefully someone can come along with an answer, but there's at least two of us.
↧
Forum Post: RE: Proxy CA certificate is expiring
Anyone: I have a customer SG115 that just now started emailing the Proxy CA expiring message. Anything new here?
↧