This article shows how to control access to VPN applications on users’ computers through the Application Control feature of Sophos Endpoint.
We prepare a Windows computer with Sophos Endpoint pre-installed and install the OpenVPN Connect application on it.
Until a blocking policy is defined, users can access VPN applications.
2 Configuration steps
Configure Application Control policy on Sophos Central
Check the results on the device and view the report on Sophos Central
3 Configuration Guide
3.1 Configure Application policy on Sophos Central
To configure application control, we log in to Sophos Central’s admin page with an admin account, then go to Endpoint Protection > Policies.
Click Add Policy to add a new policy.
The Add Policy panel appears. We choose the following settings:
Feature: select Application Control from the drop-down menu.
Type: this policy can be applied to users or to devices. In this article we choose Device.
The Create New Computer Policy panel appears. We need to fill in the following information:
Policy Name: Block VPN App
Select the computer that the policy should apply to. Here we select the Windows machine, DESKTOP-EI6CVC2, from the Available Computers table and click the right arrow to move it to the Assigned Computers table.
First, click Add / Edit List to add the application that we want to block to the list.
The Add / Edit Application List panel appears. The left side shows the application categories that Sophos supports, and the right side lists the applications in the selected category.
In this article we block users from using OpenVPN Connect. To add this application, select the Proxy / VPN tool category in the left column; the applications in this category appear in the right column.
Search for the OpenVPN Connect application, select it, and click Save to List to finish.
After saving, the OpenVPN Connect application appears in the list.
Next, turn on the switch at Detect controlled applications when users access them (You will be notified) so that Sophos Central can detect and immediately block the application when the user runs it.
Then click Save to save the policy.
3.2 Check the results
After configuring the policy, we will go to the pre-prepared computer and perform the test.
Launch the OpenVPN Connect application on the device and observe the result.
Opening the Sophos Endpoint application on the machine, we see a log entry showing that Sophos Endpoint has blocked access to the application.
Next, we check whether Sophos Central recorded the event.
To view the log, go to Logs and Reports > General Logs > Events.
The events list shows the entries recorded when the user violated the policy.
The log also provides very detailed information such as the date of the violation, the blocked path, the identity of the offending user, etc.