Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 29760 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Checksum Error on Internet Explorer

RalphMalph

Running Windows 8 and every time a browser updates itself I have to manually update the checksums.  This time I rebooted and I suppose Internet Explorer had updated and now the firewall says the checksum does not agree.  But even when I go into the checksum list and replace the app, the checksum does not work.  I still get the checksum error.  I have verified that I am updating the checksum from the app I am running.  I can't figure out what is going on that the checksum when running is not the same as the checksum Sophos gets when it is simply on the hard disk. 

Any idea how to troubleshoot this problem?  It is getting so that I don't want to reboot my machine anymore because every time I do Sophos firewall has a problem granting access to valid apps.

:49568


This thread was automatically locked due to age.
Parents
  • 0

    Hello RalphMalph,

    this is perhaps not a checksum issue, but first:

    Maybe I didn't explain myself clearly.  I *AM* updating the checksum manually ...

    Maybe it was me who didn't explain himself clearly :smileyhappy: - the alert just names the application but doesn't include the path AFAIK. One might think that adding the checksum locally is a no-brainer, but some applications have more than one executable (e.g. 32bit and 64bit version) which comes into question. Still this is not a big problem but it's easier to add the checksum from the alert on the console.

    Anyway - The revision number in IE was not the same as reported by Sophos

    Apparently the file executed was not the same for which you added the checksum. As the checksums "stick" (unless you remove them) once you've added them for all versions present it doesn't matter which one is called. Wonder from where iexplore.exe was picked up after you have renamed it (BTW: dunno about Windows 8 but IE is usually "protected" by the System File Checker and immediately restored if you rename or delete it).

    Please make sure that the checksum recorded in the firewall log (Events +> New or modified application) is indeed in the list for iexplore.exe. if it is and it still doesn't work uncheck the option to make sure it's nothing some other issue (similar to the one in this post - though it shouldn't apply as Block hidden processes is Unavailable on Windows 8. Functionality is provided by HIPS - but who knows).

    Christian

    :49600
Reply
  • 0

    Hello RalphMalph,

    this is perhaps not a checksum issue, but first:

    Maybe I didn't explain myself clearly.  I *AM* updating the checksum manually ...

    Maybe it was me who didn't explain himself clearly :smileyhappy: - the alert just names the application but doesn't include the path AFAIK. One might think that adding the checksum locally is a no-brainer, but some applications have more than one executable (e.g. 32bit and 64bit version) which comes into question. Still this is not a big problem but it's easier to add the checksum from the alert on the console.

    Anyway - The revision number in IE was not the same as reported by Sophos

    Apparently the file executed was not the same for which you added the checksum. As the checksums "stick" (unless you remove them) once you've added them for all versions present it doesn't matter which one is called. Wonder from where iexplore.exe was picked up after you have renamed it (BTW: dunno about Windows 8 but IE is usually "protected" by the System File Checker and immediately restored if you rename or delete it).

    Please make sure that the checksum recorded in the firewall log (Events +> New or modified application) is indeed in the list for iexplore.exe. if it is and it still doesn't work uncheck the option to make sure it's nothing some other issue (similar to the one in this post - though it shouldn't apply as Block hidden processes is Unavailable on Windows 8. Functionality is provided by HIPS - but who knows).

    Christian

    :49600
Children
No Data