I am facing the following problem:
I can not ping nor access shared folders and similar protocols on computers with Sophos Endpoint installed with module "Sophos Intercepct X" enabled, Windows Firewall feature enabled and Windows Firewall also turned on the machine (Below a image of Windows Firewall enabled, and Sophos Features enabled)
As you can see on the two images in the table above, we have Sophos Agent running with all modules enabled, and on Windows Defender Firewall we have it enabled.
Below the most precise description of the scenario i could came up with, that presents us a problem (Most specific: Shared Folders AND ICMP):
---- Hostname: Desktop01 - IP: 192.168.1.1 ----
Has Sophos Endpoint installed and enabled.Has Windows Firewall enabled.Windows Firewall Rules: Has permissions and rules for ICMP and SMB.
---- Hostname: Desktop02 - IP: 192.168.1.2 ----
If i am on some of the computers and try to create a shared folder or a printer, the other side is unable to communicate.Example:
>> Desktop01 has "Printer 01" shared using SMB.>> Desktop02 tries to access through Windows Explorer Desktop01 - \\192.168.1.1\
It does not connect. Even tho, the RULES to allow this are CREATED on BOTH computers.
Here is TWO ways i came up with to solve this (Not a permanent solution since it creates gaps):
1. Uninstall Sophos Agent on BOTH computers (Windows Firewall not touched - It remains enabled but no more Sophos)>>> It works. Desktop02 is now able to access Desktop01 (So at this step we see that it is a problem created by the installation of Sophos Endpoint)
2. Keep Sophos Agent but disable Windows Defender Firewall on the menu of the first image on the table.>> Control Panel\System and Security\Windows Defender Firewall\Customize Settings ... Firewall Disabled.>> This fixes but then... It creates a vulnerability since Windows Firewall becomes disabled.
The only thing i can come up with is that, for some reason, Sophos is overriding Windows Firewall Rules and creating this problem.
>> 1 Sophos Intersect X is set to MONITOR only....>> 2 We DO NOT have ANY GPO that creates, disables or interacts in any way with our Windows Firewall.
I have never seen this and have really no idea of what i can do.Can someone please give us some help?
If you were to disable all of the scanning components using the Tamper Protection override option, what results do you get?
If the issue persist, this could mean that Sophos being installed on the device affects the operation of the Windows Firewall. If the issue goes away, I'd suggest proceeding through component isolation to determine if there is one specific scanning component that needs to be adjusted.- https://support.sophos.com/support/s/article/KB-000036572?language=en_US
Let me know what sort of results you get.
I turned off the settings but the problem persisted.
The weird thing is: This only happens when Sophos is installed. It does not happen otherwise.
I have followed up with you via PM to share further guidance.