Mihai2

I created a policy, with a rule as below: After a computer restart, I cannot figure out how to pull a report with the attached devices information from the warnings. Maybe the warnings did not occur? The devices are already connected. Am I assuming incorrectly that the devices would report as connecting at boot time?

The use case is a kiosk PC that is always in use at the front desk, and I would like to see what devices are currently connected to it and ESET detects. It's a workstation that is locked down a single purpose, so nobody should be connecting any other devices to it, except for the administrators. I'd like to whitelist existing devices. I like the solution you proposed and I think that'll work just fine for us. Thank you.

Is it possible to populate a list if existing connected devices using the Protect Cloud console? I cannot see a way to do it. I'd prefer not to have to go to the computer itself to generate a list of devices. Is that the only option?

Thank you both for the information. To answer your question, @itman, yes, I was looking to disable LLMNR traffic as @Marcos posted.

I would like to prevent multicast DNS on port 5335. There is an existing rule for this in the predefined firewall rules (which are enabled by default) named Allow incoming multicast DNS requests from the Trusted zone on UDP 5355. This specific rule cannot be disabled, unfortunately. I do use the predefined firewall rules, so I would prefer not to disable them completely. How can I keep all of the other predefined rules, but prevent multicast DNS? I also use the Trusted Zone for other firewall rules. I can think of 2 options: Create a single policy with a firewall rule to block this traffic. How can I make sure the new policy's firewall rule to block this traffic is matched first? Remove the Trusted Zone networks. Create a new custom Zone to configure my custom firewall rules. If I do this, will the predefined firewall rule no longer work because there are no networks defined in the Trusted Zone?