Following instructions allow to block all web access for a particular user, except few manually whitelisted websites. All actions are performed in the Sophos Central Admin web console.
- Go to Endpoint Protection > Settings > Website Management and add all websites you want to allow. Make sure to add a tag.
- While still in Endpoint Protection section go to Policies and add a new Web Control policy
- Modify the new policy as follows:
- Under Users add all users that web block will apply to.
- Under Settings
- Web Control - Enabled
- Additional security options - Let me specify - set all categories to Block
- Acceptable web usage - Let me specify - set all categories to Block
- Log web control events - Enabled
- Control sites tagged in Website Management - click Add New and select the tag you added in the first step for whitelisted websites.
- Under Policy Enforced make sure Policy is enforced is enabled.
- Click Save
That's it. In my experience policy is applied pretty much immediately after clicking Save. If you make any changes to the whitelist (under Settings > Website Management), open the Web Control policy and save it without making any changes to re-apply the policy to clients.
June 2019
Sophos Endpoint Protection
Sophos Central Admin
Windows 10 Pro
I used the same steps but it didn't work as expected and user was able to access some other sites and strange thing is some of the sites which we allowed in policy are also getting blocked.
Also, I had enabled the option "Protect against Data loss" and blocked data sharing. Can this be the issue here? Could you please help in this?