IBM Aspera Connect does not work with Sophos antivirus web control

Issue

On a website that uses IBM Aspera Connect, Connect launches on the operating system as expected. However, the website displays a blue banner stating that Connect is not installed and that the latest version should be downloaded. This occurs even when Connect is up to date.

If you have Sophos antivirus software installed, this is the most likely cause of the issue, as it may be blocking essential communication between the browser and the Connect application.

Environment

  • Product: IBM Aspera Connect
  • Other: Sophos antivirus software
  • Browsers: Any

Test — Is this the cause of your problem?

To verify that Sophos (or any other security program) is the source of the problem, test whether something is blocking browser access to your machine (localhost):

1. With Connect running, go to this URL in a browser that is having problems:

          https://local.connectme.us:43003/v5/connect/info/version

If you get an error message such as: "Unable to connect" or "Can’t establish a connection to the server at local.connectme.us:43003" then it is possible that there is Security / Anti-virus software blocking a port we need. Proceed to the next part of the test.

2. Try accessing the same URL in one of the following ways:

Windows, using PowerShell, enter this command all on one line:

(New-Object System.Net.WebClient ).DownloadString( “https://local.connectme.us:43003/v5/connect/info/version“ )

Mac / Linux, using the terminal / command-line, enter this command all on one line:

curl -i https://local.connectme.us:43003/v5/connect/info/version

In either case, the command should return a line that looks something like this:

{ "version" :" 3.7.0.138427" }
 

Solution

Try the following solution measures below.

Note: You will need administrator access to make these changes to Sophos. If you do not have access to configure Web Control, contact your system administrator.

 1. Exclude localhost (127.0.0.1) from websites

a. Right click the Sophos shield icon in the system tray and select Open Sophos Endpoint Security and Control.

b. Click Configure anti-virus and HIPS, and then click on Authorization. Select the Websites tab.

c. Click Add, and as an IP address, enter 127.0.0.1 to authorize it.

d. See if Connect is now responding by launching a web browser and going to this site: 

          https://local.connectme.us:43003/v5/connect/info/version

if your change worked then you will see a page with a single line on it, something like this:

          { "version" : "3.7.4.147728" }

2. Fix if you are using "Sophos Central"

How to add exclusions for Aspera.

The exclusion to put into place for this application to work should be:

  • Log into Central Admin
  • click Endpoint Protection
  • click Policies
  • click Threat Protection Policy
  • click Add Exclusion (bottom right of page)
  • select Website for the exclusion type
  • add the loopback IP 127.0.0.1 exclusion, and
  • save the changes.

Re-test the Aspera Connect software after this is complete by going to:

If that works then you are done. Stop.

 

3. Disable Sophos web control

a. Right-click the Sophos shield icon in the system tray and select Open Sophos Endpoint Security and Control.

b. On the main navigation menu at the top, go to Configure > Web Control. Clear the check box for Enable web control.

c. Repeat step 1. d. to see if this change worked.

3. Set the Sophos Web Intelligence Service to manual and stop it.

Repeat step 1. d. to see if this change worked.

4. Uninstall Sophos

If none of the previous measures work and you are able to uninstall Sophos, you may need to do so in order to run Connect.

Repeat step 1. d. to see if this change worked.

 

0 Comments

Article is closed for comments.
Powered by Zendesk