I ran into a vexing problem that took me some time to solve and I didn't see anyone else had solved it, so I post my solution here.
BACKGROUND: The enterprise version comes with a host web proxy that intermediates all web requests called "SophosWebIntelligence.bundle". Enterprise Sophos runs using a separate account that it creates during installation called "_sophos". Little Snitch doesn't allow you to make rules for other users. Somehow certain connections were getting denied that showed an X over the Little Snitch icon even when I had no deny rules in my user's configuration, and removing and reinstalling Little Snitch had no impact to the problem.
RESOLUTION: I ended up having to run the Little Snitch Configuration tool as the _sophos user to fix the problem. As most enterprise malware teams aren't enthusiastic to either let you uninstall their tool or share configuration passwords, you can't fix this unless you have local admin privileges and can type a few console commands.
1. Open the Terminal.
Lots of ways to do this. Probably the fastest that's easily describable is Command-Space > type Terminal > hit return
2. Get to a command line as the _sophos user.
username$ sudo -u _sophos bash
Type in your password.
3. Launch the Little Snitch Configuration tool from the command line, without using the "open" command which always opens an application as the currently logged in user, instead of the command line user you may be sudoed into.
bash-3.2$ /Applications/Little\ Snitch\ Configuration.app/Contents/MacOS/Little\ Snitch\ Configuration
At this point, you can create the Little Snitch configuration rules for the Sophos user, such as allowing all or selected SophosWebIntelligence.bundle traffic.
Hope this helps!