Firewall problems and Internet on windows 7

HI,

Was it a problem even with "allow all traffic" selected?

It was only when you stopped the services would it work?

Was there anything of use in the FW log either under "blocked in the last 10 mins" or "blocked today"?

If it's not obvious then I guess it could be a driver conflict.  If you look in a msinfo32 output at the "System drivers" section there should be:

scfdriver

scfndis

which represent the Sophos Firewall.  

Are there any other third party applications on the machines which would install such drivers?  

Any other security apllications?  

Looking in:

\Windows\System32\drivers\

sorted by Company would be a good place to start (I would probably rule out Microsoft to speed things up as Microsoft drivers are usually pretty sound).  Then cross reference the others with the list in msinfo32, paying close attention to the driver "Type".

Another approach would be to go back to an image which is just the OS, Office and install Sophos Client Firewall I assume this must be ok? There must be some other application or applications that conflict I would think.  Once we can identify the applicaiton added that causes the problem this would help.

Regards,

Jak

Thanks for the respond Jak. However, all the configurations are the the same, but for some reason it is only affecting computers on the domain with windows 7 and not work group computers having the same OS. Outlook or Internet do only work after the SCF service is stopped and there were nothing blocked today. The director of networking services has looked through the logs. We are still trying to figure out what caused it because we upgrade to Enterprise vault to version 9  on the server and Installed SCCM client and on the server; those were the only things we pushed out on the network. I did uninstall the Ev9 client on my PC but still Sophos was messed up. Thats when we decided to conclude that it was affecting only computers on the domain with windows 7 as other computers with XP pro as fine.

Putting on a new image would another step but not ideal since we do not even know what the problem is at this point.

Thanks,

Hill

Hello again,

I would suggest the fastest way to determine the conflict would be to:

Take a new Win 7 machine, add it to the domain, ensure it has received all it's GPOs, Windows Updates and been rebooted.

I would then deploy Sophos with SCF.  This should work, if not it could be a GPO setting that is affecting the install.  At this point I would look to create a new OU for the machine, and link the policies to it one at a time until I found the one causing problems.

If SCF is ok at this point I would check the internet is OK, install Office+Outlook and ensure that all works.  I would then start deploying all the other endpoint packages trying IE and Outlook until it failed.  As it's likely to be a driver conflict I would be tempted to reboot before trying the above tests after intalling any software that could potentially install a driver.

The other approach would be to take one of the machines that is failing and start removing software, I would imagine at some point SCF would work with IE and Outlook, in which case which removed software package was the key to getting it working.

Identifying the conflicting software or GPO is the first thing to find out I believe.

You could paste the output of:

driverquery /V > drivers.txt

here if you like, it might show a likely candidate.

Thanks,

Jak

At this point we are just about to give up on sophos. I did use a fresh Vm win7 machine and sophos did work well after joining the domain and pushing out the GPOs. The sophos guys called and said that they have had problems with stateful tcp/ip and windows 7. so what we did is remove all the global rules and reset all the sophos configurations to default and only set to "allow all IP outbound" and "allow all IP IN Localhost" which made on of the computers work well. So we then pushed out all the GPOs based on same Global rules that one working computer had. But after couple of minutes when i rebooted another win 7 machine, it just wasnt having Internet connections.

The sophos guys said the software was detecting the location as secondary and not primary but that has nothing to do with disabling internet connections. The wierd thing is my computer which we were using as a test machine is now working fine but my directors computer and other machine, have to end the SCF service to get to Internet. We are at a point were we are about to remove sophos from 350 computers and switch to microsoft forefront;cause if Sophos themselves cant find an answer after 14days of having our logs, then we are on our own.

Hill