On-Premise Endpoint

Sophos Endpoint Software Firewall Policies - Applications

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 1 subscriber
Views 4495 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Policies - Applications

stauer over 14 years ago

Good Morning,

i need your help.

First some facts:

- Company with 100 Clients

- Need only 1 Firewall Policy

- Mode: Block by default

I need to create a Policy.

I want to enable some Programms, which can be used by our employee.

But I don't know how?

Do I have to do this on the tab Checksums, where I can add new applications by Checksum?

- But is this checksum for all programms like Firefox, or do I have to add for each PC a new checksum?

OR

Do I have to this on the tab Applications, where I can add new applications?

- Do I have to create a Rule for each Programm? Like - Application Firefox allows where the remote adress is 192.168.10.*

I dont know the difference between these two?

Please help me

(sorry for bad englisch, im german^^)

This thread was automatically locked due to age.

Parents

0 QC over 14 years ago

I beg to differ :smileyhappy:

Not using checksums all applications named firefox.exe can access the network with the rules set up for firefox.exe. This not only covers probably all versions but would include also compromised versions and totally different programs as well.

"Unknown" applications are permitted by application control whereas firewall using checksums blocks unknown applications. If I wrote a browse-o-matic (which primary function is downloading FakeAV software) and named the executable firefox.exe application control wouldn't care (unless someone snitches on it to Sophos). But SCF using checksums would not apply the rules for the genuine Firefox browser(s).

Christian
:2213
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 14 years ago

I beg to differ :smileyhappy:

Not using checksums all applications named firefox.exe can access the network with the rules set up for firefox.exe. This not only covers probably all versions but would include also compromised versions and totally different programs as well.

"Unknown" applications are permitted by application control whereas firewall using checksums blocks unknown applications. If I wrote a browse-o-matic (which primary function is downloading FakeAV software) and named the executable firefox.exe application control wouldn't care (unless someone snitches on it to Sophos). But SCF using checksums would not apply the rules for the genuine Firefox browser(s).

Christian
:2213
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data