Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 9 subscribers
  • Views 8657 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I control Sophos update process with "Windows Firewall"?

Adachi

Hi

I want to control (allow / block) the Sophos update with "Windows Firewall".

I set up to block all services and processes related to Sophos with "Windows Firewall",
but eventually I could not block and could update...

If there is any other way with Windows Firewall, please link the information.

 

Regards,

Adachi



This thread was automatically locked due to age.
  • 0

    Hello Adachi,

    err, excuse me, what is it you want to do? Or: You are doing what? How come you seemingly indiscriminately block all services and processes related to Sophos?
    And yes, plugging the tailpipe is one way to shut off a combustion engine.

    Christian

  • 0 in reply to QC

    Hi, Christian

    Thanks for your reply.

    As a circumstance, the Windows server that installed Sophos Endpoint Console
    is located in an area connected to the Internet, but only Sophos Update is effective,
    I would like to block other external access.

    It is an environment where you can not filter on Sophos's update destination such as dci.sophosupd.com etc,
    so I would like to realize it by controlling the server itself.

    I am planning to use Windows Firewall as a tool to control.
    So I asked how to control Sophos's update with Windows Firewall.

    Even if I specify Sophos Update Manager.exe and SUMservice and configure to block on port 80,
    I can update, so I tried to block all Sophos related services and processes,
    but eventually I can update... It is a state that I do not know how to do it.

    Regards,

    Adachi

  • 0 in reply to Adachi

    Hello Adachi,

    lost or added in translation (from what language)? It's a little bit confusing.
    I understand you have a SEC/SUM that can connect to the Internet. Normally it's supposed to download updates from Sophos. You say you would like to block other external access - you mean, to sites other than Sophos, or? Why do you want to block the update?

    Christian

  • 0 in reply to QC

    Hi Christian,

    The reason why I want to control Sophos Update with Windows Firewall is as follows.

    In order to update from the Sophos management server, I'm considering blocking accesses other than updates from the Internet on the server,
    because the port can not be narrowed down on the network.

    Therefore, I think that it is necessary to specify the port to be used for Update in Windows FireWall in order to identify the port other than Update.
    In order to specify the port to be used for Update, we intentionally block it, and we are carrying out verification assuming the result that Update can not be done.

    For example, even if I specified Sophos Update Manager.exe and SUM service and blocked port 80 on Windows FireWall, I could update it.
    Even if you specified all Sophos *** services as blocks, I could update them.
    When blocking port 80, Update was not possible.
    The verification method seems to be strange, but the purpose is to identify the service to be used in Sophos update.

    Regards
    Adachi

  • 0 in reply to Adachi

    Hello Adachi,

    do I understand correctly that you want to make sure that you open just the correct port for Sophos updates - and in order to verify that you chose the right one you try to block it?

    Anyway, it's SophosUpdateMgr.exe that connects on port 80 (the upcoming SUM 1.7.0 will try HTTPS/443 first before falling back to HTTP/80). Just tested it, works as expected. Please note that various Sophos processes establish inter-process connection on the loopback interface.

    Christian

Unfiltered HTML