angkor

Sorry for the delay, but it's Khmer New Year here, and things are a little discombobulated as a result. I know that Endpoint Antivirus doesn't have a firewall, and yet, there those rules are. The rules survive a reset and reboot. I don't think anyone tried to install Endpoint Security — I don't think the installer will even run on Server 2012 R2, will it? Yes, I uninstalled ESET and rebooted — the rules survived that. As I said, I think they were set somewhere in Group Policy — I just need to know where in Group Policy they are set. I asked my questions at ESET International. At this point, I'm not as interested in doing a forensic analysis of how these rules got installed, but am much more focused on getting rid of them. So I have these questions: Are these rules in fact from an ESET product? Could someone who has Endpoint Security look at their firewall rules and see if these rules are there on their firewall? Where are these rules set, and how do I delete them?

We're running ESET Endpoint Antivirus 5 on all machines, including the server. After I noticed the ESET firewall rules, I uninstalled Endpoint Antivirus, but the rules remained, so I re-installed Endpoint Antivirus. Do these rules look like they come from another ESET product?

I've got a server running Windows Server 2012 R2, using ESET 5.X on the server and about 20 workstations, using ERA to push install. I migrated to Server 2012 from a 32-bit 2003 R2 server, using a second machine as an intermediary. Following the migration, and after installing the ESET stuff, I discovered that no user machines could connect to the server unless I disabled the server's Windows Firewall for the domain. Looking at the firewall rules, I saw a bunch of rules, as you can see in the attachment, which appear to be ESET rules, and which I suspect are the source of my problem. (Actually, you won't see it in the attachment, since I get a 403 when I try to attach files, but you can view it at https://www.dropbox.com/s/g745o02qrhfvaj5/Screen%20Shot%202016-03-22%20at%2012.59.27.png?dl=0) Each of the rules are for the domain, are enabled, and action=Block. The rule names are: 137-138:UDP:Enabled:ESET 139:TCP:Enabled:ESET 2221-2225:TCP:Enabled:ESET 2846:TCP:Enabled:ESET 445:TCP:Enabled:ESET My first question is: how do I get rid of these rules? If I try to disable or delete them, I get a message which I should have written down which made me think that they were set in Group Policy, but I didn't see them there, though I didn't do an exhaustive search. My second question is: What do I have to do to get ESET to answer a question like this? I put in a support ticket on this 4 times, and each time the ticket was immediately closed without any communication to me.