
Firewall Interactive mode

Hello

I have two firewall configurations. One is 'block by default' and is used for on-premise clients - we have a single office so if anyone is having issues running an application etc., I can review and adjust as required. The second is 'Interactive mode' - this is applied to laptops (anyone on the move). Staff may need to install programs and the ability to register a serial number etc., is important. They can choose Interactive Mode and register the software, or whatever it is they need to do.

Why has Interactive Mode been discontinued? It is available when configuring a policy from the Enterprise Console. I just spent several minutes on a new Windows 10 laptop wondering why Dell Update seemed to be taking an age to identify new updates. Checked the firewall and it is on Block by Default. 

There is no notification stating it is not available on Windows 10. For our on-premise clients, this does not matter. For our roaming clients it matters a lot. Changing the mode to Allow all traffic is not desirable.

What am I missing here?



This thread was automatically locked due to age.
  • Has 30 June 2021 as the retirement date for the Windows firewall.  As per this post:  there is no interactive mode on newer OS and isn’t likely to appear given the retirement date I would suggest.

    Regards,

    Jak

  • Hello Blood,

    Interactive mode is gone for good with SCF 3.x (the version applicable to Windows 8.1+). It's not Sophos' decision but due to architectural changes in Windows. WFP, the Windows Filtering Platform, is the only permitted interception method and does not allow for arbitrary delays.

    BTW - SCF will be retired mid-2021.

    Christian

  • Thank you to both of you for responding to my query.

    Do you know if Sophos will provide the ability to control program access through the Windows firewall, either via configuration of the firewall itself or through the use of a behaviour monitoring module? Or, perhaps, it is assumed that if the application is allowed/blocked in Application Control it will also be allowed unfettered access to the Internet (or however it might be implemented)?

  • Hi Blood, 

    I've confirmed internally that having functionality to control Windows Firewall from SEC would have to be a feature request.

    Please go to our Feature Request Site for this. 

     

    Regards, 

    RodS

    Technical Support Engineer | Sophos Support

  • Hello Blood,

    If I understand you correctly, you want to control connections from/to certain specific applications?
    Don't hold your breath. I don't know if this is already on the roadmap for Central (that would, I assume, receive such a feature first). While it lets you monitor and configure the Windows firewall this is AFAIK restricted to setting the general inbound behaviour equivalent to netsh advfirewall set [profile] [blockinboundalways|blockinbound|allowinbound] - in other words unconditionally block inbound, block or allow inbound connections that don't match a rule. The specific rules have to be configured locally (if GPOs are used Central won't interfere).

    Christian
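
The three inbound modes named in the last reply and one locally configured per-program rule, as an added example that is not part of the thread and is not Sophos code. It uses the built-in NetSecurity cmdlets from an elevated PowerShell session; the function name, program path and rule name are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Set-InboundMode is a hypothetical helper; the mode names
# mirror the netsh keywords quoted in the post above.
function Set-InboundMode {
    param(
        [Parameter(Mandatory)] [ValidateSet('Domain', 'Private', 'Public')]
        [string[]] $ProfileName,
        [Parameter(Mandatory)] [ValidateSet('blockinboundalways', 'blockinbound', 'allowinbound')]
        [string] $Mode
    )
    switch ($Mode) {
        # Block every inbound connection, even one that matches an allow rule.
        'blockinboundalways' { Set-NetFirewallProfile -Name $ProfileName -DefaultInboundAction Block -AllowInboundRules False }
        # Block inbound connections that match no rule; allow rules still apply.
        'blockinbound'       { Set-NetFirewallProfile -Name $ProfileName -DefaultInboundAction Block -AllowInboundRules True }
        # Allow inbound connections that match no rule.
        'allowinbound'       { Set-NetFirewallProfile -Name $ProfileName -DefaultInboundAction Allow -AllowInboundRules True }
    }
}

# Roaming laptops: inbound blocked unless a rule allows it.
Set-InboundMode -ProfileName Public, Private -Mode blockinbound

# Per-program rule, created locally. An outbound allow rule only changes
# behaviour on profiles whose DefaultOutboundAction is Block.
$program  = 'C:\Program Files\ExampleVendor\Updater.exe'    # placeholder path
$ruleName = 'Local - ExampleVendor updater (outbound)'      # placeholder name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Program $program `
        -Action Allow -Profile Public, Private | Out-Null
}

# Effective profile defaults after local settings and GPO are merged.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, DefaultInboundAction, DefaultOutboundAction, AllowInboundRules

# Enabled program-scoped rules, with their origin (Local vs GroupPolicy), so
# locally created rules can be told apart from those delivered by GPO.
Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True |
    Select-Object DisplayName, Direction, Action, PolicyStoreSourceType,
        @{ Name = 'Program'; Expression = { ($_ | Get-NetFirewallApplicationFilter).Program } } |
    Where-Object Program -ne 'Any' |
    Sort-Object PolicyStoreSourceType, DisplayName |
    Format-Table -AutoSize
```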