Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2320 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SCF - Trusted application's outgoing traffic is sometimes blocked

pinkeyflower
Hi, I'm using Sophos Client Firewall 1.5.7. Recently I checked the logs and noticed in the allowed and blocked connections the same application, in this case Gw.exe. It is listed as Trusted in the Applications tab in the SCF configuration editor and I'm perplexed as to why some connections (only out connections are listed for Gw.exe) are blocked while others are allowed. I have checked some of the entries in the log and the allowed and blocked connections appear identical in the few that I have looked at (same remote port, remote address, protocol). How do I fix it so that all of the connections for Gw.exe are allowed? Thanks.
:2279


This thread was automatically locked due to age.
  • 0

    Hi pinkeyflower,

    It may be that there is another version of Gw.exe triggering the event, in this case, the file will have a different checksum.  As we recognise files by their checksum rather than name (by default at least) you may have to add the other checksum for Gw.exe into the authorised list too.

    Please see the following article for more information on configuring the firewall settings and checksums:

    http://www.sophos.com/support/knowledgebase/article/14201.html

    Regards,

    Stephen.

    :2373
  • 0

    Hello Stephen

    Im having the same problem,

    I created a Global rule where all traffc to a given ip is allowed and I unchecked the box "Use Checksume to authenticate applications", but anyway still block the application.

    Log's Reason: Invalid checksum

     Any other suggestion?

    Thanks in advance.

    :9723
  • 0

    Hello CL,

    it's probably not a good idea to turn off application authentication. Anyway - if it is turned off you shouldn't get Invalid checksum as the reason. Did you stop and restart the application? Is there a corresponding entry under Events/New or modified applications?

    BTW: Is the application also listed in the applications tab (global rules have by default a lower priority than application rules)?

    Christian

    :9745
Unfiltered HTML