Unable to Use Telnet Because Firewall is Blocking "System"

Hello RalphMalph,

haven't seen something like this - system is the kernel and doesn't have a checksum. Could you post the log record's details (and are there corresponding entries in the Events subtree)? If this is on Win7, are you using Interactive mode?

Christian

This is Windows 8.  Ever since I installed Sophos on this machine it has acted oddly.  When a browser is updated I don't get a popup asking to change the checksum, the browser just stops working and I have to recognize that the checksum needs to be manually updated. 

I don't know what you mean by Interactive mode and I don't know about the events subtree.

Here is the record.

12:03:05 PM    system    OUT REFUSED     TCP    127.0.0.1    Telnet    Invalid Checksum

Once when I ran the same test I got this result

12:12:57 PM    telnet.exe    OUT REFUSED     TCP    127.0.0.1    Telnet    Invalid Checksum

I was focusing on the socket server program and I realized this message is coming from the client end, the telnet program under windows.  This is run from a command window using the command line "telnet localhost  -t vtnt".  I tried adding the program cmd.exe with no better results.  I gave it the remote access client rule. 

Hello RalphMalph,

I don't know what you mean by Interactive mode ... I don't get a popup asking to change the checksum

Interactive mode, where the user is prompted when there is an unknown application or traffic without a matching rule, is not available on Windows 8. As this popup will only be displayed in interactive mode you can't get it.

the events subtree

is near the bottom in the Firewall Log viewer's left pane (at least in SCF 2.9, dunno about 3.0)

The second record suggests that SCF thinks telnet's checksum is incorrect. Why it displays system as application most of the time I can't say. I'd suggest that you contact Support. 

Christian

Why is interactive mode not available under Win 8?  Will this be offered in the future?  What about Win 8.1?  I am thinking of upgrading to 8.1 but it appears that support by many apps is limited just as your support for Win 8 is somewhat limited.

Hello RalphMalph,

your support for Win 8 ... Why is interactive mode not available under Win 8?

I'm not Sophos :smileyhappy:. Guess there's not (yet) a reliable way to make it work with the new UI architecture.

Christian

Sorry for the mistake, I thought you were from Sophos. 

I found the telnet.exe app and added it's checksum, so the messages are not being blocked by the firewall any longer.  Turns out telnet.exe is hidden by Windows Explorer even though I have hide system files turned off.  Silly Windows...  I had to do a search of the entire Windows directory and it showed up in the search results. 

Even though the messages are being passed by the firewall something is still wrong.  I don't know much about networking, so I'm not doing too well debugging this. 

Thanks for the help.

Hello RalphMalph,

I had to do a search of the entire Windows directory

normally SEC's Event viewer should enable you to amend the policies as required (but of course if you use it the client should be compliant with the policy on the server - otherwise you'd overwrite the local changes).

Christian

Thanks for the response.  I've been getting help with this elsewhere and still have not solved the problem.  It doesn't look like the firewall is blocking the messages, but it is still not working.  Seems that some of the tools to investigate this problem don't work under Windows 8 for a local loopback on localhost.