Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 6389 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to Network print - Invalid checksum

AlexC

I'm unable to print to a network printer. The firewall log shows that spoolsv.exe to the remote printer port is blocked because of an Invalid Checksum, it's coming from localhost(any).

I've tried searching the computer for all instances of spoolsv.exe and have added it to the checksum list in the firewall configuration, since the log doesn't tell me the file path of the specific application it blocked... I've also ensured that the LAN IP address of the printer is added to the trusted list.

Neither works - when I allow all traffic I can print without any problem, so the firewall is definitely the culprit here.

I'd be grateful for any suggestions?

:3017


This thread was automatically locked due to age.
Parents
  • 0

    Hello Alex,

    while it may be tedious to create specific "minimum" rules using rather general settings thwarts the purpose of the firewall. Sophos Client Firewall: security implications of the configuration settings is might be worth reading.

    A global rule is not necessary if you've created a rule for a specific application.

    Although the launched application ("hidden process") must also be allowed in its own right, and may have its own rules you

    should not indiscriminately allow applications to launch others.

    Similarly an application should not be trusted without need.

    Of course there exist several layers of defense but for this reason you should not effectively disable one (or more) of them. Spoolsv.exe is a good example as this name is (sometimes) used by malware. Given that such a file somehow evades detection by SAV it will then be detected as modified application by SCF. If you inadvertently add its checksum (perhaps because you think that a recent Windows update might have changed it) and spoolsv.exe is marked as trusted it's free to do whatever it wants.

    haven't got time to play about and find out now - famous last words - but hope to do so soon! - that's a nice way to say and never will. :smileywink:

    But - thanks for posting this temporary solution.

    Christian

    :3039
Reply
  • 0

    Hello Alex,

    while it may be tedious to create specific "minimum" rules using rather general settings thwarts the purpose of the firewall. Sophos Client Firewall: security implications of the configuration settings is might be worth reading.

    A global rule is not necessary if you've created a rule for a specific application.

    Although the launched application ("hidden process") must also be allowed in its own right, and may have its own rules you

    should not indiscriminately allow applications to launch others.

    Similarly an application should not be trusted without need.

    Of course there exist several layers of defense but for this reason you should not effectively disable one (or more) of them. Spoolsv.exe is a good example as this name is (sometimes) used by malware. Given that such a file somehow evades detection by SAV it will then be detected as modified application by SCF. If you inadvertently add its checksum (perhaps because you think that a recent Windows update might have changed it) and spoolsv.exe is marked as trusted it's free to do whatever it wants.

    haven't got time to play about and find out now - famous last words - but hope to do so soon! - that's a nice way to say and never will. :smileywink:

    But - thanks for posting this temporary solution.

    Christian

    :3039
Children
No Data