SonicWall warns web content filtering is broken on Windows 11 22H2


Security hardware manufacturer SonicWall warned customers today of what it describes as a “limitation” of the web content filtering (WCF) feature on Windows 11, version 22H2 systems.

SonicWall’s Capture Client is the company’s Windows and macOS security solution with Endpoint Detection & Response (EDR) capabilities that can be managed using the company’s Cloud Management Console service.

The WCF feature allows admins to configure policies that allow or block access to various domains/IP addresses, enable web activity reporting for easier monitoring, and throttle bandwidth.

“We have identified an inconsistency in Capture Client Windows 3.7.6 and older clients on endpoints running Windows 11 version 22H2,” the company said in an advisory published on Wednesday.

“This results in Web Content Filtering (WCF) policies that enforce blocked categories to be no longer effective on impacted endpoints. The ability to allow or block domains/URLs using custom lists continues to function normally.”

Since category-based blocking policies (crucial in restricting access to malicious, illegal, or inappropriate web content) no longer work, Windows 11 22H2 users are now susceptible to potential security risks by enabling access to previously restricted domains and URLs.

SonicWall Web Content Filtering
SonicWall Web Content Filtering UI (SonicWall)

​The service is broken because the encrypted and decrypted requests and responses exchanged between Windows endpoints and SonicWall Content Filtering Service are sent using Microsoft’s Cryptographic Application Programming Interface (CryptoAPI).

However, as SonicWall further explains, “in Windows 11 version 22H2, Microsoft CryptoAPIs have been modified, making Capture Client unable to decrypt responses from the SonicWall Content Filtering Service.”

The company says it’s currently working on a fix for this issue which will be made available with the release of Capture Client 3.7.7 for Windows on February 17th. 

As an interim measure, SonicWall has advised administrators to forego updating their Windows endpoints to the latest Windows 11 version to avoid breaking content filtering.

“As a temporary workaround, we recommend endpoints running Windows 11 not be upgraded to version 22H2 until Capture Client 3.7.7 for Windows is available,” SonicWall said.



Source link