
Sophos Client Firewall suddenly stops Internet Explorer working

I have been using Sophos Endpoint Security and Control on a couple of stand-alone machines (not managed by SEC or anything else) fine since December 2014.

On Tue 17 Feb in the afternoon I was browsing with Internet Explorer fine. Then next time I used IE, maybe 1/2 hour later, I was getting a "Waiting for google.com" followed by "This page cannot be displayed". This now happens for all sites, not just Google. A little later in the day my partner found the same problem started happening on her laptop.

The configuration on both machines for the Sophos firewall is the default configuration with IExplore.exe added as a trusted application. Thus I have both 'Block by default' and 'Use checksums to authenticate applications' selected.

If I change the firewall configuration from 'Block by default' to 'Allow by default' then IE works fine.

If I uncheck 'Use checksums to authenticate applications' (and keep 'Block by default' selected) then IE immediately says "This page cannot be displayed", there is no visible pause before this message is displayed.

I looked at the Firewall log whilst IE was failing and saw some SvcHost.exe entries blocked. I changed SvcHost.exe to be Trusted instead of Custom and the entries were no longer blocked but IE still failed.

There are two checksum entries for IE in the Checksums tab; these are for the versions of IExplore.exe in:

C:\Program Files\Internet Explorer

C:\Program Files (x86)\Internet Explorer

The version numbers shown in the checksum tab are both shown as:

11.00.9600.16384 (winblue_rtm.130821-1623)

However, when I check the version of the IExplore.exe files themselves it shows:

11.00.9600.17416, which is different, which seems odd?

Both computers have stand-alone Sophos Endpoint Security and Control V10.3. The computers are connected through a router with no other computers involved. We both have Windows 8.1 and IE V11.0.9600.17631, Update Versions: 11.0.16 (KB3021952).

I tried to see what changed on the afternoon of Tue 17 Feb. The Sophos Updating Log showed successful installations of SAVXP but no Sophos Client Firewall has been installed since I started using it.

There was an update of IE V11 from Microsoft on Fri 13 Feb 14:20 on one of the machines (KB3034196). I don't know if this could be related, but it was installed a few days before the problem showed itself.

I've scanned both computers for viruses and found none; I've reset my router and it made no difference.

It looks like the firewall is blocking something from accessing web sites, but I can't see anything in the Firewall log. I don't know if it is something to do with checksums. Has anyone else seen this?

The following may be relevant, but was only on one of the machines:

On Mon 16 Feb I used IE to connect to an FTP site fine. I couldn't use Explorer to view the FTP site though. I realized the firewall was blocking it so I added Explorer.exe as a trusted application to the Sophos Firewall from both C:\Windows & C:\Windows\SysWOW64. I could then access the FTP site, but I found when I right-clicked on any file in Explorer it hung with the revolving circle for a period (1 minute, maybe two, haven't measured it) until the menu then appeared. I played with checksums in the Firewall and found:

  1. If explorer.exe is trusted, 'Use checksums...' is checked, and the checksums for explorer.exe are present: FTP works ok, right-click hangs
  2. If explorer.exe is trusted, 'Use checksums...' is unchecked, and the checksums for explorer.exe are present: FTP works ok, right-click works ok
  3. If explorer.exe is trusted, 'Use checksums...' is checked, and the checksums for explorer.exe are not present: FTP doesn't work, right-click works ok

My partner's machine never tried to communicate with the FTP site and didn't add Explorer.exe to the firewall, but still exhibits the IE problem.
