Allow applications to launch hidden processes

Note This option is not available on Windows 8 and later as it is handled automatically by the Sophos Anti-Virus HIPS technology.

An application sometimes launches another hidden process to perform some network access for it.

Malicious applications can use this technique to evade firewalls: they launch a trusted application to access the network rather than doing so themselves.

The firewall sends an alert to the management console, if one is being used, the first time a hidden process is detected.

To allow applications to launch hidden processes:

  1. On the Home page, under Firewall, click Configure firewall.
    For information about the Home page, see About the Home page.
  2. Under Configurations, click Configure next to the location that you want to configure.
  3. Click the Processes tab.
  4. In the upper area, click the Add button.
  5. Locate the application, and then double-click it.
If you are using interactive mode, the firewall can display a learning dialog when it detects a new launcher.