I thought I would post this question on here, as after 2 hours on the Phone to Sophos, they don't have an idea as to the issue. I was hoping someone had deployed the SCCM client to machines that are running the Sophos endpoint AV and firewall locally.
Here is the issue:
After installing the SCCM 2007 R3 client to a small number of XP and Windows 7 machines, all network based programs get blocked by the Sophos firewall. If we turn off all rules, everything starts working again.
The applications being blocked are:
nslookup.exe
rundll32.exe
wmiprvse.ece
werfault.exe
iexplore.exe
grpwise.exe
almon.exe
justched.exe
All are marked with an event type of 'Modified Memory' and show the launching application as wmrprvse.exe.
We have tried added these alerts to the firewall rules as trusted to no avail. Once we remove the client, all is fine.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Afternoon All,
I thought I would post this question on here, as after 2 hours on the Phone to Sophos, they don't have an idea as to the issue. I was hoping someone had deployed the SCCM client to machines that are running the Sophos endpoint AV and firewall locally.
Here is the issue:
After installing the SCCM 2007 R3 client to a small number of XP and Windows 7 machines, all network based programs get blocked by the Sophos firewall. If we turn off all rules, everything starts working again.
The applications being blocked are:
nslookup.exe
rundll32.exe
wmiprvse.ece
werfault.exe
iexplore.exe
grpwise.exe
almon.exe
justched.exe
All are marked with an event type of 'Modified Memory' and show the launching application as wmrprvse.exe.
We have tried added these alerts to the firewall rules as trusted to no avail. Once we remove the client, all is fine.
Any ideas?
Thanks,
Paul
Share this post
Link to post
Share on other sites