When the “Block malicious downloads” feature in Sophos Endpoint Software is enabled, HTML5 Server Sent Events (SSE) will not work properly. The SSE connection appears as a never-ending download, though the amount of data transmitted is very small. The “Block malicious downloads” feature works by using Sophos as a proxy for the download, and it buffers 2 MB before it serves the data to the client. Since the SSE data is much smaller than 2 MB, the data is never served to the client.
The LEMR cloud uses SSE to send notifications to the LEMR Client and LEMR Server software when a medical test has started or finished, and triggers the LEMR software to refresh and download data from the server. If SSE is blocked, an affected LEMR component will not receive notifications, and the flow of the medical test will be interrupted. This will inhibit the ability of the user to use LEMR to connect their electronic medical record system to their medical devices.
When the Sophos “Block malicious downloads” feature is used with LEMR software, SSE connections immediately close because the LEMR software is not receiving a response from the server.
A network administrator can create an exception to allow downloads from notify.lemr.com.
1. Ping notify.lemr.com to get the IP address for the notification server. It is a static address.
2. Add a website authorisation for the IP address.
For Sophos Home, navigate to Devices Configuration > Web Protection Exceptions.
For SEC Managed, add the exception to the AV policy as a Website Authorization.
For Cloud you can add a website exclusion to:
https://cloud.sophos.com/manage/config/settings/scanning-exclusions
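The buffering behaviour described above and the effect of the exception, shown as an added example that is not LEMR or Sophos code. It is a simplified Python model that assumes the scanner holds data until 2 MB has arrived or the server closes the connection; the event names and sample streams are constructed for illustration.

```python
SCAN_BUFFER = 2 * 1024 * 1024  # 2 MB hold-back described in the article
END = None                     # marker: the server closed the connection

def scanning_proxy(upstream, excluded=False):
    """Yield the chunks the client actually receives.

    Assumed model: data is held until SCAN_BUFFER bytes have arrived or the
    server closes the connection. An excluded (authorised) site is passed
    straight through without buffering.
    """
    held = bytearray()
    closed = False
    for chunk in upstream:
        if chunk is END:
            closed = True
            break
        if excluded:
            yield chunk
            continue
        held += chunk
        if len(held) >= SCAN_BUFFER:
            yield bytes(held)
            held.clear()
    if closed and held:  # remainder is released only when the download ends
        yield bytes(held)

def received_events(delivered):
    """Parse the delivered bytes as SSE and return the event names seen."""
    text = b"".join(delivered).decode("utf-8")
    names = []
    for block in text.split("\n\n"):
        for line in block.splitlines():
            if line.startswith("event:"):
                names.append(line[len("event:"):].strip())
    return names

# Constructed sample: two small notifications on a connection that stays open.
SSE_STREAM = [b'event: test-started\ndata: {"id": 1}\n\n',
              b'event: test-finished\ndata: {"id": 1}\n\n']
# Constructed sample: a 3 MB file in 64 KB chunks, then the server closes.
FILE_DOWNLOAD = [b"x" * 65536] * 48 + [END]

def demo():
    return {"sse_scanned": received_events(scanning_proxy(SSE_STREAM)),
            "sse_excluded": received_events(scanning_proxy(SSE_STREAM, excluded=True)),
            "file_bytes": sum(len(c) for c in scanning_proxy(FILE_DOWNLOAD))}

if __name__ == "__main__":
    print(demo())
```

In this model an ordinary file download still arrives in full because the server closes the connection; the SSE stream never reaches 2 MB and never closes, so nothing is delivered until the site is excluded.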
The source for this diagnosis and solution came from:
Server Sent Events blocked by Download Scanner - Sophos Endpoint Software - On-Premise Endpoint - Sophos Community
Thank you to UlrichJansen for identifying this issue and thank you to Jak for the solution.
Need Help?
LEMR customers can get help by contacting LEMR Support.