Globelink UK

Overview
On 9 February 2023, Microsoft released version 110.0.1587.41 for Microsoft Edge. With this version installed, we have seen Data Loss Prevention (DLP) rules for web browsers trigger on files present on the desktop. This is due to Microsoft Edge reading every file on the desktop.

Product and Environment
Sophos Endpoint Agent

Issue timeline
14-FEB-2023: Our Development team has confirmed that Microsoft Edge version 110 is reading all the files located on the user’s desktop. They have also confirmed that Microsoft Edge version 109 gets a list of all files on the desktop, but does not read them. Sophos DLP scanning for Internet Browsers monitors file reads made by the browser process and processes through the selected rules. As Microsoft Edge is reading all the files on the desktop, the scan and potential detections are occurring correctly. We have reached out to Microsoft to provide clarity on this behavior of Microsoft Edge.
Impact
When launching Microsoft Edge, DLP rules are configured to apply to the internet browser: Microsoft Edge and will be run against files on the desktop, as Microsoft Edge is reading those files.

If any match the DLP rules, an event will be seen on Sophos Central, and they may be prompted to allow or block the files if the policy is configured to “Allow transfer on acceptance by user”.

Current status
A a workaround, for DLP rules that have Microsoft Edge selected, unselect it. The impact of this workaround is that Microsoft Edge is not monitored for these DLP rules. It is recommended that if DLP is required, use Application Control to block Microsoft Edge as well to prevent its usage.

You can check for updates on this advisory on the Sophos Website – KB-000044881



This website uses cookies and asks your personal data to enhance your browsing experience.