Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 4791 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why is the client firewall appearing when no policy is set?

emps

Hi all.

We have a problem with some machines deciding to enable/install the client firewall and stopping all traffic. 

We do not have a firewall policy set and it isn't installed when it is pushed out with the AD Sync or when installed manually.

The client AV version is 9.7.5 and it is being managed by a 4.7 Console. These are XP SP3 machines.

The default firewall policy has not been enabled/configured/set up.

How can I work out why this is happening? It doesn't always do it straight away and other computers in the same group with the same policy aren't affected. 

Help!

Thanks in advance

Paul

:17363


This thread was automatically locked due to age.
Parents
  • 0

    The mode is "block by default" for some reason - very annoying as we cannot remotely manage the machine to remove it

    This is indeed the default mode - but SCF has an inbuilt set of rules which should allow downloads an communication with the management server. While you normally can't access the machines by other means in this situation, you should be able to turn off SCF by modifying the policy (using Advanced...).

    To install SCF automatically when syncing is done you have to tick the appropriate box (you should check this setting). When installing using the GUI likewise and when installing with the command line a switch is needed. Apart from that it is possible to request the SCF addition for an existing install by setting certain registry keys/values - but this is unlikely the reason.

    Anyway, the logs (from %Windows%\Temp\ and %ProgramFiles%\Sophos\AutoUpdate\Logs\ should give an insight what happened an when).

    Christian

    :17371
Reply
  • 0

    The mode is "block by default" for some reason - very annoying as we cannot remotely manage the machine to remove it

    This is indeed the default mode - but SCF has an inbuilt set of rules which should allow downloads an communication with the management server. While you normally can't access the machines by other means in this situation, you should be able to turn off SCF by modifying the policy (using Advanced...).

    To install SCF automatically when syncing is done you have to tick the appropriate box (you should check this setting). When installing using the GUI likewise and when installing with the command line a switch is needed. Apart from that it is possible to request the SCF addition for an existing install by setting certain registry keys/values - but this is unlikely the reason.

    Anyway, the logs (from %Windows%\Temp\ and %ProgramFiles%\Sophos\AutoUpdate\Logs\ should give an insight what happened an when).

    Christian

    :17371
Children
No Data