Turn blocking of modified processes on or off
Note: This option is not available in Windows 8 as it is handled
automatically by the Sophos Anti-Virus HIPS technology.
Malware may attempt to evade the firewall by modifying a process in memory that has been initiated by a trusted program, and then using the modified process to access the network on its behalf.
You can configure the firewall to detect and block processes that have been modified in memory.
To turn blocking of modified processes on or off:
-
On the
Home page, under
Firewall, click
Configure firewall.
For information about the Home page, see About the Home page.
- Under Configurations, click Configure next to the location that you want to configure.
-
On the General tab, under Blocking, clear the Block
processes if memory is modified by another application (32-bit operating systems
only) check box to turn blocking of modified processes off.
To turn blocking of modified processes on, select the check box.
If the firewall
detects that a process has been modified in memory, it adds rules to prevent
the modified process from accessing the network.
Notes
- We do not recommend that you turn blocking of modified processes off permanently. You should turn it off only when you need to.
- Blocking of modified processes is not supported on 64-bit versions of Windows.
- Only the modified process is blocked. The modifying program is not blocked from accessing the network.