This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Defender Firewall get's disabled by Intercept X Advanced

Hello,

multiple customers got in touch with us because they are not able to configure the Windows Defender Firewall anymore. Windows shows that Intercept X Advanced is used as firewall instead. The configuration was not changed, the policy in Central is still set to "Monitor only". Our own clients show the same behaviour:

Anyone with the same problem? I can't exactly say when this change happend, but it has to bee recently. Only clients show this behaviour, on servers everything is still fine.



This thread was automatically locked due to age.
Parents
  • Hi Dreamcatcher,

    I ran a quick check on a Windows 10 system and it seems to me that the information which is displayed in the Windows Security Center is incorrect.

    The checks I ran are:

    1. netsh advfirewall show currentprofile --> this one shows that the Windows Defender Firewall is active
    2. wf.msc --> here I modified the predefined outbound "Core Networking Diagnostics - ICMP ECHO Request (ICMPv4 Request)" rule so that it would block these. After activating the rule it blocked all ping requests as expected.

    Regards,
    Marcel

  • Hey,

    yeah, it seems like the firewall is still working, though to me it looks like a bug in Intercept X that the security center says it is disabled. On servers this behaviour is not present, meaning the security center shows the defender firewall is active as it should be. Sophos support claims that this behaviour is by design, seems pretty inconsistent to me.

  • We have to be careful when comparing servers to clients, especially when it comes to the behavior of the Security Center. This is also why we have to deactivate or uninstall Window Defender on servers as described in the following KBA article: https://support.sophos.com/support/s/article/KB-000033429. On a client this is done automatically. 

Reply Children
No Data