Problem with Windows Firewall on machines with Sophos Endpoint Agent installed

Hello there...

I am facing the following problem:

I cannot ping or access shared folders and similar protocols on computers with Sophos Endpoint installed with the "Sophos Intercept X" module enabled, the Windows Firewall feature enabled, and Windows Firewall also turned on on the machine (below is an image of Windows Firewall enabled and the Sophos features enabled).

As you can see on the two images in the table above, we have Sophos Agent running with all modules enabled, and on Windows Defender Firewall we have it enabled.


Below is the most precise description of the scenario I could come up with that presents a problem for us (most specifically: shared folders AND ICMP):

---- Hostname: Desktop01 - IP: 192.168.1.1 ----

Has Sophos Endpoint installed and enabled.
Has Windows Firewall enabled.
Windows Firewall Rules: Has permissions and rules for ICMP and SMB.

---- Hostname: Desktop02 - IP: 192.168.1.2 ----

Has Sophos Endpoint installed and enabled.
Has Windows Firewall enabled.
Windows Firewall Rules: Has permissions and rules for ICMP and SMB.

The problem:

If I am on one of the computers and try to create a shared folder or a printer, the other side is unable to communicate.
Example:

>> Desktop01 has "Printer 01" shared using SMB.
>> Desktop02 tries to access through Windows Explorer Desktop01 - \\192.168.1.1\

It does not connect, even though the RULES to allow this are CREATED on BOTH computers.

Here are TWO ways I came up with to solve this (not a permanent solution since it creates gaps):

1. Uninstall Sophos Agent on BOTH computers (Windows Firewall not touched - It remains enabled but no more Sophos)
>>> It works. Desktop02 is now able to access Desktop01 (So at this step we see that it is a problem created by the installation of Sophos Endpoint)

2. Keep Sophos Agent but disable Windows Defender Firewall on the menu of the first image on the table.
>> Control Panel\System and Security\Windows Defender Firewall\Customize Settings ... Firewall Disabled.
>> This fixes it, but then... it creates a vulnerability since Windows Firewall becomes disabled.

The only thing I can come up with is that, for some reason, Sophos is overriding Windows Firewall rules and creating this problem.

Important things:

>> 1 Sophos Intercept X is set to MONITOR only....
>> 2 We DO NOT have ANY GPO that creates, disables or interacts in any way with our Windows Firewall.

I have never seen this and really have no idea what I can do.
Can someone please give us some help?

Thank you.



Updated TAGs
[edited by: Qoosh at 10:55 PM (GMT -8) on 12 Dec 2022]
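
A read-only diagnostic for the scenario described in the post, added here as an example; it is not part of the original post and is not Sophos or Microsoft tooling. It lists which firewall profile each interface uses, the effective profile settings, and the SMB and ICMPv4 inbound rules in effect with their origin, using the built-in NetSecurity and NetTCPIP cmdlets. The IP address is the one from the post, and the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on Desktop01,
# then on Desktop02 with $peer set to 192.168.1.1. Makes no changes.
$peer = '192.168.1.2'   # address of the other machine, taken from the post

# 1. Network category per interface. Rules scoped to Private/Domain do not
#    apply to an interface that Windows has classified as Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# 2. Effective profile settings. ActiveStore is the merged result of every
#    policy source, so it shows what is enforced, not only what was configured.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules

# 3. Enabled inbound rules that cover SMB (TCP 445) or ICMPv4, with the
#    profiles they apply to, allowed remote addresses, and where they came from.
$report = foreach ($rule in Get-NetFirewallRule -PolicyStore ActiveStore `
                            -Direction Inbound -Enabled True) {
    $port   = $rule | Get-NetFirewallPortFilter
    $isSmb  = $port.Protocol -eq 'TCP' -and $port.LocalPort -contains '445'
    $isIcmp = $port.Protocol -in 'ICMPv4', '1'
    if ($isSmb -or $isIcmp) {
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule     = $rule.DisplayName
            Action   = $rule.Action
            Profile  = $rule.Profile
            Protocol = $port.Protocol
            Remote   = $addr.RemoteAddress -join ','
            Source   = $rule.PolicyStoreSourceType   # Local, GroupPolicy, ...
        }
    }
}
$report | Sort-Object Protocol, Rule | Format-Table -AutoSize -Wrap

# 4. Reachability of the peer: ICMP echo plus a TCP connect to the SMB port.
Test-NetConnection -ComputerName $peer -Port 445 |
    Select-Object ComputerName, PingSucceeded, TcpTestSucceeded
```

Block rules take precedence over allow rules, so any row with `Action` set to `Block` is worth comparing against the active profile from step 1, as is an allow rule whose `Profile` does not include that interface's category.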