Setting up Sane Defaults for Sophos Endpoint Webfilter
Sophos Endpoint Advanced comes with several pre-sets for web-filter. These are good starting points, but they are targeted at "optimal" working environments and don't really reflect the actual practices of most reasonable operations that employee responsible adults. It's pretty simple to tweak them to match your environments needs.
1. Login at http://cloud.sophos.com If you don't have a cloud login stop and contact your sales rep to setup your account for you. Don't use the "sign up" option on the page as this will slow down the process.
2. At login you will be on the Dashboard, to start with setup a global override for websites by going to settings > website management
3. To create tags you need to assign at least one website of each time. For practical purposes use your web domain as the Always Allowed. And something unless like whitehouse.com as you Always block trigger.
4. in-order to modify the webfilter you need to use the "Endpoint Protection" sub area
5. From the Endpoint Protection Module, click on policies and locate the Web Control section near the bottle. By default you will have a Base Policy that you can't delete but you can configure it. You may also create other policies that apply to specific users like HR and Executives that might be less restrictive. Example in base policy you might prevent employees from using company machines to look at employment sites; but HR and Executive would be allowed to in-order to hire additional staff.
6. From the view computer policy screen; click on settings and the review each of the additional security options.
7. For Risky File Types change it to Let me Specify; then change EXE to Allow.
8. For Productivity-related; choose Let Me Specify and decide how you want to handle Job Search Sites
9. For Adult and potentially inappropriate categories; choose "Block" that switch it to "Let me Specify" then set Allow on the categories that match your company culture and you tolerance for lawsuit related HR issues. There is no right answer for these setting but starting conservative is always a good place to start.
10. Lasting setup your TAG based overrides. These will allow you to added sites to "website management" quickly so that they apply to all of your website policies.
