Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2898 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client Firewall 3

JohnLee

Hi,

Installed SCF 3.0 on windows 8 pro after a few issues but finally got everything working.

First thoughts of SCF 3.0 are good but the basic configuration setup is hopeless.  It does not even contain internet explorer as an allowed application.  I understand that some deployments do not want this allowable but it would be easier to remove some applications than to set every permission one at a time.

Secondondly, when you view the blocked logs, you cannot assign the application to the allow list drirect from the log, you have to search each application one at a time.  A very slow process indeed.

Finally, are there any templates which can be modified to speed up this process and to assist deployment across a all client standalone systems.

Regards

John

:41053


This thread was automatically locked due to age.
Parents
  • 0

    Hello John,

    thanks for heads-up and the reference to the help (BTW: the restrictions pertaining to Windows 8 are are not mentioned in the Console help). Indeed there are several features unavailable on Windows 8: turn off reporting of local changes, (automatic) local network detection, allow launch of hidden processes, block modified processes (which is anyway unavailable on 64bit) - for the latter two there's a somwhat cryptic Note: This option is not available in Windows 8 as it is handled automatically by the Sophos Anti-Virus HIPS technology. Whilst it certainly does work, it requires HIPS to be enabled (which is recommended and the default) and in addition it's not clear when a behaviour is considered malicious and when "only" suspicious.

    interactive mode - it is IMO more than nice to have it for creating an initial set of rules, especially if a connection attempt is only made when another has previously been allowed.

    Christian 

    :41113
Reply
  • 0

    Hello John,

    thanks for heads-up and the reference to the help (BTW: the restrictions pertaining to Windows 8 are are not mentioned in the Console help). Indeed there are several features unavailable on Windows 8: turn off reporting of local changes, (automatic) local network detection, allow launch of hidden processes, block modified processes (which is anyway unavailable on 64bit) - for the latter two there's a somwhat cryptic Note: This option is not available in Windows 8 as it is handled automatically by the Sophos Anti-Virus HIPS technology. Whilst it certainly does work, it requires HIPS to be enabled (which is recommended and the default) and in addition it's not clear when a behaviour is considered malicious and when "only" suspicious.

    interactive mode - it is IMO more than nice to have it for creating an initial set of rules, especially if a connection attempt is only made when another has previously been allowed.

    Christian 

    :41113
Children
No Data
Cookie Information Banner