Sophos Antivirus blocking kbox

Does anyone know the firewall policies I need to put in place to allow the kbox to talk to clients that have Sophos Antivirus and firewall installed?

Answers (7)

Posted by: airwolf 11 years ago
Red Belt
0
If you're not using SSL then you need to open ports 80 and 52230. If you're using SSL, it would be 443 and 52230.
Posted by: rswihart 11 years ago
Orange Belt
0
Are these ports on the kbox or the clients? My clients are the ones not checking in.
Posted by: airwolf 11 years ago
Red Belt
0
The agent hits the KBOX on ports 80/443 (HTTP/S) and 52230 (AMP). So, these ports have to be allowed in the client firewall.
Posted by: RichB 11 years ago
Second Degree Brown Belt
0
We also use Sophos and in addition to the ports mentioned already, every time a new version of the client is released the Sophos server has to be made aware of the newer version or else it flags it as "Suspicious Behavior." If your Sophos policy restricts Suspicious Behavior items from running then that would also prevent clients from checking in. In our environment the new client is allowed to run but a lot of error messages start getting generated and emailed to us so we like to configure it before upgrading KBOX clients.

For example, I will be installing version 5.1.31311 client on one computer so Sophos can discover the new version and then change its designation from Suspicious to Allowed before pushing it to all computers.
Posted by: rswihart 11 years ago
Orange Belt
0
RichB, I think I got it. I had to go into interactive mode and then export. Should we be OK if we do not use checksums for client upgrades?
Posted by: RichB 11 years ago
Second Degree Brown Belt
0
If you do not have the HIPS scanner set to “Alert only”, Sophos will find kinstaller.exe as suspicious and block it from running. This is an issue with every KBOX upgrade, and each version of kinstaller.exe we have seen has a new hash value. You can add the kinstaller.exe hash and push out the update to your clients, but without the new version of the file being allowed you will run into issues. You can add kinstaller.exe to the exclusions list, but this will not catch all installs, as the installer sometimes extracts to the user's profile and there is no way to add that to the exceptions, unless you add a wildcard and allow kinstaller.exe to do whatever it wants, no matter where it is in the system. Adding a wildcard like this isn’t suggested, as it is a little too open, but you could do it this way.

From the antivirus side of Sophos, this is the issue we run into on every upgrade. From a firewall side, we are not using the Sophos firewall at this time.
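
The trade-off described above between allowing kinstaller.exe by hash and by a wildcard exclusion, as an added example that is not part of the original thread: a simplified model, not Sophos's own matching logic, in which the file contents, paths and class names are constructed for illustration.

```python
import fnmatch
import hashlib

# Constructed stand-ins for installer builds; not real KBOX files.
RELEASED = b"constructed sample: kinstaller build A"
NEXT_VERSION = b"constructed sample: kinstaller build B"
UNRELATED = b"constructed sample: other program renamed kinstaller.exe"

def digest(data):
    return hashlib.sha256(data).hexdigest()

class HashAllowlist:
    """Allow by content: only builds whose digest was reviewed and added."""
    def __init__(self, approved):
        self.digests = {digest(d) for d in approved}
    def allows(self, path, data):
        return digest(data) in self.digests

class WildcardExclusion:
    """Allow by name: any file whose path matches the pattern."""
    def __init__(self, pattern):
        self.pattern = pattern.lower()
    def allows(self, path, data):
        # Compare case-insensitively with normalized separators.
        normalized = path.replace("\\", "/").lower()
        return fnmatch.fnmatchcase(normalized, self.pattern)

# Constructed paths: (label, path, contents)
FILES = [
    ("released build, deploy share", r"C:\Deploy\kinstaller.exe", RELEASED),
    ("released build, user profile", r"C:\Users\alice\AppData\Local\Temp\kinstaller.exe", RELEASED),
    ("next version, not yet approved", r"C:\Users\bob\AppData\Local\Temp\kinstaller.exe", NEXT_VERSION),
    ("unrelated file, same name", r"C:\Users\carol\Downloads\kinstaller.exe", UNRELATED),
]

def evaluate(policy):
    """Return {label: allowed} for every sample file under one policy."""
    return {label: policy.allows(path, data) for label, path, data in FILES}

if __name__ == "__main__":
    by_hash = evaluate(HashAllowlist([RELEASED]))
    by_name = evaluate(WildcardExclusion("*/kinstaller.exe"))
    for label in by_hash:
        print(f"{label:32} hash={by_hash[label]!s:5} wildcard={by_name[label]}")
```

In this model the hash rule follows the approved build wherever it extracts but rejects the next version until its digest is added, while the wildcard rule accepts every file with that name, including the unrelated one.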
Posted by: rswihart 11 years ago
Orange Belt
0
Thank you. Good information.