SSL/TLS decryption of HTTPS websites

You can control whether we decrypt websites to check them.

Restriction: This feature is only available for Windows endpoint computers.

Secure websites (HTTPS) are encrypted, so we can only scan the contents if you let us decrypt them.

However, you might want to exclude some or all sites from decryption. That’s because decryption might let our product record personal information like account details and show it in log entries.

Turn decryption on or off

To turn decryption of HTTPS websites on or off, do as follows:

  1. Go to Overview > Global Settings.
  2. Under Endpoint Protection, click SSL/TLS decryption of HTTPS websites.
  3. Turn on or turn off Decrypt HTTPS websites using SSL/TLS (Windows only).

If we decrypt a website that’s risky, we block it. We show the user a message and give them the option to submit the site to SophosLabs for reassessment.

Exclude websites from decryption

You can exclude some HTTPS websites from decryption to protect sensitive data.

Note: If you exclude websites, some settings in your Threat Protection and Web Control policies (scanning downloads or blocking risky file types) won’t apply to them. However, we’ll do checks that don’t need decryption.

By default, websites in the Finance & Investment category are excluded. You can turn off this exclusion, but you can’t add or remove categories.

To exclude specific websites from decryption, do as follows:

  1. Go to Overview > Global Settings > SSL/TLS decryption of HTTPS websites.
  2. Look for Websites excluded from HTTPS decryption.
  3. Click Add exclusion.
  4. On the Add exclusion dialog, enter details of the website.
    1. Enter a domain name, an IP address, or an IP address range. For examples, see Website exclusions.
    2. Optional: Add a comment as a reminder of why you excluded the site.
    3. Click Add.