Windows Defender Firewall gets disabled by Intercept X Advanced


Multiple customers got in touch with us because they are not able to configure the Windows Defender Firewall anymore. Windows shows that Intercept X Advanced is used as firewall instead. The configuration was not changed; the policy in Central is still set to "Monitor only". Our own clients show the same behaviour:

Anyone with the same problem? I can't exactly say when this change happened, but it has to be recently. Only clients show this behaviour; on servers everything is still fine.

Added TAGs
[edited by: Qoosh at 11:22 PM (GMT -7) on 1 Sep 2022]
  • So this also happened to me. I logged a support case with Sophos; they said this is how it should be:

    Thank you for contacting Sophos Technical Support and for the update.

    Moving forward, it is normal to show Sophos Intercept X on it, as it has been detected by the OS as the active antivirus software installed. 

    They had asked to turn on and off certain parts of the protection to test.

    The strange thing is, why would Intercept X show up as the firewall protection?

    I then checked my home PC where I have Bitdefender installed. In actual fact it looks the same, but that has a firewall component; if I disable that it goes back to Windows Defender on Windows.

    I wonder what happens if you remove the device from the Firewall Policy in Central. (Although this, only set to Monitor, shouldn't change that.)

  • You cannot disable the Firewall policy as far as I can see, so all devices will at least use the enforced default policy, which is set to "monitor only" by default. Sophos is claiming that this is by design and comes from Windows, but that's not the case with other vendors' products, as you already found out by yourself.
