+1
Under review

ScreenConnect issue with Sophos Central

stephen hogan-psl 8 years ago updated by ITConnections 7 years ago 3

Version 6.1.12292.6236


Hi everyone,


We have Sophos Central on our LAN, and by default, this typically warns users when downloading what they class as 'Risky Downloads' - e.g. .exe, .msi, and offer a warning such as:


Image 119


The user can choose to proceed with the download (in which it is logged) or return to the previous page.


When using the "Build+" dialog and clicking the "Download" button, this warning does NOT appear, and there is no change to what the user sees (other than "Waiting for <servername>" in the status bar).


Image 120


As you can see from the above video, when I 'Inspect' the code behind the download button, I can see the HTML code that refers to an iframe - opening this iframe in a new tab brings up the warning that *** should *** appear to the end user. this way, I can proceed and download the executable.


All I am asking for is that when clicking on the "Download" button that it detects that Sophos Central is intercepting the request to download an executable file that it changes the web page to the "Sophos Web Protection" page (as in the image far up) or open a new tab/window.


Sophos Central does not have the ability to whitelist the URL to download executables, as those rules are mutually exclusives of each other. I can whitelist sites but not downloads from particular sites, and if I allow executables, it would be for ALL sites - not the most secure way of handling downloads! ;)


For the time being, I do have to relax the rule on executable files, but this does pose a risk.


Any advice appreciated.



Regards,

Stephen

+1

Good afternoon and thank you for your participation on the ConnectWise Control product forum.


Since the reported behavior is not a bug with the ConnectWise Control software, I am moving this thread to our Feature Request portal based on the following excerpt so that our Product Management team can review the request:


"All I am asking for is that when clicking on the "Download" button that it detects that Sophos Central is intercepting the request to download an executable file that it changes the web page to the "Sophos Web Protection" page (as in the image far up) or open a new tab/window."


Cheers,

Ben

Hi Ben,


While I do agree that what I am asking for may be a new feature, this new feature is to mitigate against an existing bug. Other web-based applications that intercept traffic and put a response page up against any iframe may also exhibit the same symptoms.


I would ask that you reconsider this move, and revert it back into "Bug Reports".



Thanks, in advance.


Stephen 

Hi Ben,


Quite a big issue here as well, any ETA on when or if this is going to be implemented? I agree with Stephen, it is far more an issue with screenconnect not displaying the message than with sophos for blocking it. It cant be expected to allow a massive security hole like that just for users to be able to use screenconnect.


Should also note same thing happens for end users connecting to a adhoc session, not just on building installers.


Thanks,


Tom