
Unable to Network print - Invalid checksum

I'm unable to print to a network printer. The firewall log shows that spoolsv.exe to the remote printer port is blocked because of an Invalid Checksum; it's coming from localhost(any).

I've tried searching the computer for all instances of spoolsv.exe and have added it to the checksum list in the firewall configuration, since the log doesn't tell me the file path of the specific application it blocked... I've also ensured that the LAN IP address of the printer is added to the trusted list.

Neither works - when I allow all traffic I can print without any problem, so the firewall is definitely the culprit here.

I'd be grateful for any suggestions.



  • Hello all,

    Solved my problem but thought to post here for the sake of documenting and to save wasting anyone's time replying.

    To determine the active process, go into Services under Administrative Tools and then find Print Spooler - open this and it will show the location of the spoolsv.exe.

    Add this to the checksum list in firewall configuration (remove any other spoolsv.exe in the list first), then also add it to trusted applications and hidden processes. I also added a Global Rule to allow outbound TCP to the remote IP address and port specified in the firewall block log rule when I experienced problems.

    Not sure which of the three things I applied is the actual solution, haven't got time to play about and find out now, but hope to do so soon!

  • Hello Alex,

    While it may be tedious to create specific "minimum" rules, using rather general settings thwarts the purpose of the firewall. "Sophos Client Firewall: security implications of the configuration settings" might be worth reading.

    A global rule is not necessary if you've created a rule for a specific application.

    Although the launched application ("hidden process") must also be allowed in its own right, and may have its own rules, you should not indiscriminately allow applications to launch others.

    Similarly an application should not be trusted without need.

    Of course there exist several layers of defense, but for this reason you should not effectively disable one (or more) of them. Spoolsv.exe is a good example as this name is (sometimes) used by malware. Given that such a file somehow evades detection by SAV, it will then be detected as a modified application by SCF. If you inadvertently add its checksum (perhaps because you think that a recent Windows update might have changed it) and spoolsv.exe is marked as trusted, it's free to do whatever it wants.

    "haven't got time to play about and find out now" - famous last words - "but hope to do so soon!" - that's a nice way to say "and never will". :smileywink:

    But - thanks for posting this temporary solution.

    Christian
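
The check described in the two replies above (find the spoolsv.exe the Print Spooler service really runs, and do not allow a look-alike), written out in PowerShell as an added example that is not part of the original posts or of any Sophos tooling. Assumptions: Windows PowerShell 5.1 or later, run elevated; the SHA-256 value is for your own records, since the thread does not say which checksum format the firewall uses.

```powershell
# Added example. 1. Resolve the executable the Print Spooler service ("Spooler") runs.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if ($null -eq $svc) { throw 'Print Spooler service not found.' }

# PathName can be quoted and can carry arguments; keep only the executable path.
if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
    $servicePath = [Environment]::ExpandEnvironmentVariables($Matches[1])
} else {
    throw "Could not parse service path: $($svc.PathName)"
}

# 2. Default location of the genuine binary on a standard Windows install.
$expectedPath = Join-Path $env:SystemRoot 'System32\spoolsv.exe'
if ($servicePath -ne $expectedPath) {
    Write-Warning "Service runs '$servicePath', expected '$expectedPath'."
}

# 3. List every spoolsv.exe on the system drive with signature and hash, so a
#    look-alike copy is visible before any checksum is allowed in the firewall.
$report = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'spoolsv.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path            = $_.FullName
            IsServiceBinary = ($_.FullName -eq $servicePath)
            Signature       = $sig.Status                     # only 'Valid' is acceptable
            Signer          = $sig.SignerCertificate.Subject  # empty when unsigned
            SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
$report | Sort-Object IsServiceBinary -Descending | Format-List

# 4. Warn unless the service binary itself carries a valid Microsoft signature.
$svcEntry = $report | Where-Object IsServiceBinary
if (-not $svcEntry -or $svcEntry.Signature -ne 'Valid' -or
    $svcEntry.Signer -notmatch 'O=Microsoft Corporation') {
    Write-Warning 'Do not add this file to the checksum list or trusted applications.'
}
```

Copies under the Windows component store are expected in the listing; a copy outside the Windows directory, or one whose signature is not valid, is the case the second reply warns about.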
  • Same problem here.

    Why does Sophos not give details on the file path of the specific application it blocked? Would be pretty handy...

    And how about a checksum archive, where I can look up the checksum of common executables?

    And how about the best practice configuration for the spoolsv.exe?

  • Apparently there are known issues with HP Network Printers, as suggested here:
    http://de.sophos.com/support/knowledgebase/article/112562.html

    Unfortunately it seems impossible to actually read the configuration files to get an idea of what actions should be taken. Personally I do not want to install a black box configuration file...

  • Hello Tobi,

    (BTW you should correct the link in your post)

    I can understand your reluctance. Now to get an idea of what is set you can import the configuration into a (more or less) empty policy. Question is what and how to import - the referenced article "Sophos Client Firewall: merging rules" (or its counterpart in German, "Zusammenführen von Regeln") is outdated and seems to apply to SCF 1.5 only. But for an empty policy you can choose Overwrite. Shows only one Global rule but quite a number of application settings (including Trusted for a number of programs).

    Christian
