angkor
-
Posts
3 -
Joined
-
Last visited
Posts posted by angkor
-
-
We're running ESET Endpoint Antivirus 5 on all machines, including the server. After I noticed the ESET firewall rules, I uninstalled Endpoint Antivirus, but the rules remained, so I re-installed Endpoint Antivirus.
Do these rules look like they come from another ESET product?
-
I've got a server running Windows Server 2012 R2, using ESET 5.X on the server and about 20 workstations, using ERA to push install.
I migrated to Server 2012 from a 32-bit 2003 R2 server, using a second machine as an intermediary.
Following the migration, and after installing the ESET stuff, I discovered that no user machines could connect to the server unless I disabled the server's Windows Firewall for the domain. Looking at the firewall rules, I saw a bunch of rules, as you can see in the attachment, which appear to be ESET rules, and which I suspect are the source of my problem. (Actually, you won't see it in the attachment, since I get a 403 when I try to attach files, but you can view it at https://www.dropbox.com/s/g745o02qrhfvaj5/Screen%20Shot%202016-03-22%20at%2012.59.27.png?dl=0)
Each of the rules are for the domain, are enabled, and action=Block. The rule names are:
137-138:UDP:Enabled:ESET
139:TCP:Enabled:ESET
2221-2225:TCP:Enabled:ESET
2846:TCP:Enabled:ESET
445:TCP:Enabled:ESET
My first question is: how do I get rid of these rules? If I try to disable or delete them, I get a message which I should have written down which made me think that they were set in Group Policy, but I didn't see them there, though I didn't do an exhaustive search.
My second question is: What do I have to do to get ESET to answer a question like this? I put in a support ticket on this 4 times, and each time the ticket was immediately closed without any communication to me.
%C2%A0){kind=link}
ESET firewall rules apparently blocking file sharing
in ESET Endpoint Products
Posted
Sorry for the delay, but it's Khmer New Year here, and things are a little discombobulated as a result.
I know that Endpoint Antivirus doesn't have a firewall, and yet, there those rules are.
The rules survive a reset and reboot.
I don't think anyone tried to install Endpoint Security — I don't think the installer will even run on Server 2012 R2, will it?
Yes, I uninstalled ESET and rebooted — the rules survived that.
As I said, I think they were set somewhere in Group Policy — I just need to know where in Group Policy they are set.
I asked my questions at ESET International.
At this point, I'm not as interested in doing a forensic analysis of how these rules got installed, but am much more focused on getting rid of them. So I have these questions: