We have Sophos Central on our LAN, and by default, this typically warns users when downloading what they class as 'Risky Downloads' - e.g. .exe, .msi, and offer a warning such as:
The user can choose to proceed with the download (in which it is logged) or return to the previous page.
When using the "Build+" dialog and clicking the "Download" button, this warning does NOT appear, and there is no change to what the user sees (other than "Waiting for <servername>" in the status bar).
As you can see from the above video, when I 'Inspect' the code behind the download button, I can see the HTML code that refers to an iframe - opening this iframe in a new tab brings up the warning that *** should *** appear to the end user. this way, I can proceed and download the executable.
All I am asking for is that when clicking on the "Download" button that it detects that Sophos Central is intercepting the request to download an executable file that it changes the web page to the "Sophos Web Protection" page (as in the image far up) or open a new tab/window.
Sophos Central does not have the ability to whitelist the URL to download executables, as those rules are mutually exclusives of each other. I can whitelist sites but not downloads from particular sites, and if I allow executables, it would be for ALL sites - not the most secure way of handling downloads! ;)
For the time being, I do have to relax the rule on executable files, but this does pose a risk.
Any advice appreciated.
Customer support service by UserEcho