A Sophos "Lockdown malicious behavior in Bluescape" message appears and you are unable to authenticate when attempting to log on to Bluescape

Support Note
The below topic outlines a known issue that members may encounter. Bluescape is aware of this issue and is actively working on a resolution.

In Bluescape, using Microsoft Windows, when you attempt to log on, you are redirected back to the sign-in page. Following your log on attempt, Sophos throws a “Lockdown malicious behavior presented in Bluescape” message.

Steps to reproduce

  1. Download the Bluescape Native App.
  2. Open the app and enter your authentication details.
  3. Quit the Native App.
  4. Select a link that opens in Bluescape.

Expected result

The Bluescape app opens successfully.

Observed result

After entering your authentication details, you return to the login page, and Sophos throws a “Lockdown malicious behavior presented in Bluescape” message.


This issue was observed in (but may not be limited to):

  • Bluescape Native App on Microsoft Windows
  • Sophos Endpoint Agent


As a workaround to this issue, the popup can be safely ignored. Bluescape should continue to function as expected.

Our team is working towards a solution. We encourage you to follow this topic, as information is subject to change.

If you are experiencing this issue, please react to this topic and help our product team understand the scope of impact on our members. Plus 1

A ticket has been created: Provision via applink: ‘Lockdown’ malicious behavior prevented in Bluescape message seen in WINDOWS