Chrome 84 & Sophos Authentication for Thin Clients (SATC)

[German]A brief note for administrators who use Sophos Authentication for Thin Clients (SATC) in conjunction with a Chromium 84 browser There will be problems with authentication using SATC and the XG firewall. The recommendation is to prevent updating the Chromium browser and use Firefox as the browser.


This week, the Google Chrome browser was released in version 84 (see Chrome 84.0.4147.89 released) and is now being rolled out step by step. Microsoft has also released a security update for the Chromium Edge Browser 84 (see).

Authentication issues with SATC and the XG Firewall

German blog reader Bernie refers in this comment to a email distributed to Sophos users (see also this Sophos support article). Here is an excerpt:

Dear Sophos customer,

You are receiving this email because our records show that you are using Sophos Authentication for Thin Clients (SATC).

If your default browser is Mozilla Firefox, there is no need to take action.

Version 84 of Google Chrome and other chromium-based browsers is expected to be released on 14 July 2020.
This version will remove a feature that is required to ensure compatibility with SATC.

As a result, authentication with SATC and the XG firewall will no longer be able to correctly identify the user associated with web browsing traffic in Chrome.
This leads to policy and web traffic reporting errors.

Who is affected?

According to Sophos, all XG firewall customers using SATC on thin client deployments running multi-user Windows services such as Windows Remote Desktop or Terminal Services using Chrome or Chromium-based browsers will be affected. The measures recommended by Sophos are:

  • Use Mozilla Firefox, this browser is still fully compatible with SATC
  • Prevent updating in Google Chrome by disabling automatic updating.
  • If you are using the new Microsoft Edge browser, disable automatic updating. The original Microsoft Edge Browser is not affected by this issue.

For more information and links to instructions on how to manage settings in different browsers, see the knowledgebase article. However, Sophos is working on a new approach to authentication to multi-user Windows services, which will be compatible with future versions of Google Chrome and other Chromium-based browsers. The vendor intends to provide information as soon as there is any news on this. Maybe it will help.

Cookies helps to fund this blog: Cookie settings


This entry was posted in browser, issue, Software and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *