Allow applications to launch hidden processes

If you use role-based administration:

  • You must have the Policy setting - firewall right to configure a firewall policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

An application sometimes launches another hidden process to perform some network access for it.

Malicious applications can use this technique to evade firewalls: they launch a trusted application to access the network rather than doing so themselves.

To allow applications to launch hidden processes, follow these steps.

Note This option is not available on Windows 8 and later as it is handled automatically by the Sophos Anti-Virus HIPS technology.
  1. On the Welcome page of the Firewall Policy wizard, click Advanced firewall policy.
  2. Under Configurations, click Configure next to the location for which you want to configure the firewall.
  3. Click the Processes tab.
  4. In the upper area, click Add.
    The Firewall Policy - Add application dialog box appears.
  5. In the Search period field, click the drop-down arrow and select the period for which you want to display application events.

    You can either select a fixed period, for example, Within 24 hours, or select Custom and specify your own time period by selecting the starting and ending dates and times.

  6. If you want to view application events for a certain file, in the File name field, enter the file name.

    If you leave this field empty, application events for all files will be displayed.

    You can use wildcards in this field. Use ? for any single character and * for any string of characters.

  7. Click Search to display a list of application events.
  8. Select an application event, and then click OK.

If you enable interactive mode, the firewall can display a learning dialog on the endpoint computer when it detects a new launcher. For details, see Enable interactive mode. The interactive mode is not available on Windows 8 and later.