Sophos client firewall and local admin rights

Hello barryp,

interactive means that whenever an event is not covered by the existing rules and settings the user is prompted for a "decision". Of course a "limited" user can only create rules for his own account and not system wide.

What exactly do you mean by can't add applications?

Christian

Christian

Thanks for the reply. I've more or less sorted this with Sophos support, the Sophos Firewall is different from our last product (McAfee) in that although members of the local users group can create application rules, they can't add checksums for new or ammended applications.

It's more secure that way of course but a bit harder for us to administrate when we have so many different versions of so much different software out in the field.

I'm revisiting this thread because with our recent test upgrade to 9.7, I find that regular users are not able to 'allow all' for applications any more, they can only 'allow once'. Does anyone know if this is by design or do I have a configuration problem? I can sort of understand it, but it is a real pain. I obviously won't make users admin on their boxes, don't even want to make them Power Users, but would consider that if it fixed the problem. Thoughts?

And... if it is by design, why are users offered the option? An example follows:

Coffee Cup HTML Editor (coffee.exe) - used by one user, it is not configured by SEC. It access website via FTP, using standard port 21 call then passive port call. The Sophos dialog pops up, if I say allow all, it hangs for 60 seconds and times out. In the Sophos log it shows as 'Blocked, Reason: Interactive Mode' or something like that. If I allow once, it works, pops up again, and I have to allow once again. And I have to do this every time I want to do anything with the site. It seems to me that if it's by design, the option should be greyed or a big popup should say 'Talk to your admin about approving this!'