Today, security hardware manufacturer SonicWall alerted customers of a limitation of the web content filtering feature on Windows 11, version 22H2 systems. SonicWall's Capture Client is a security solution for Windows and macOS that has Endpoint Detection & Response capabilities and can be managed with the company's Cloud Management Console service. The WCF feature allows admins to configure policies that allow or block access to certain domains/IP addresses, enable web activity reporting for easier monitoring, and throttle bandwidth. SonicWall has identified an inconsistency in Capture Client Windows 3.7.6 and older clients on endpoints running Windows 11 version 22H2, which results in Web Content Filtering policies that are no longer effective on impacted endpoints. The ability to allow or block domains/URLs using custom lists still works. Because of this, Windows 11 22H2 users can access websites and domains that were previously blocked, which could put them and their enterprise environment at risk. The issue is due to the encrypted and decrypted requests and responses exchanged between Windows endpoints and SonicWall Content Filtering Service being sent using Microsoft's Cryptographic Application Programming Interface. Microsoft CryptoAPIs have been modified in Windows 11 version 22H2, making Capture Client unable to decrypt responses from the SonicWall Content Filtering Service. SonicWall is working on a fix for this issue which will be available with the release of Capture Client 3.7.7 for Windows on February 17th. As a temporary solution, SonicWall recommends that endpoints running Windows 11 not be upgraded to version 22H2 until Capture Client 3.7.7 for Windows is available.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 22:57:02 +0000