Hello,
I have been trying to figure out how to design a policy that allows WMI connections. I am running a few scripts to keep the inventory updated and with the default settings WMI is blocked.
Tips I have tried are (will update as I get them):
Unchecking "TCP port scanning attack detection" in IDS
I switched to Interactive mode and created a separate rule when the WMI query was captured by the firewall but the rule generated is C:\Windows\svchost.exe Any Any which seems a bit to relaxed - or am I wrong? Also WMI seems to use dynamic ports between 1024 and 2000...
I saw some people who use Spiceworks having the same issue, although I do not use Spiceworks.
Did anyone here get this to work?