rpnc, Posted April 5, 2017
Hi, in the deployment process the personal firewall learning mode is great, but it doesn't make it possible to add additional static rules. Because when a policy defines rules, they are locked down and learning mode fails to create new "learned rules". Trivial example: a PC (with a complex software/network situation) needs "learning mode" without disturbing the end user, but the admin needs that PC to respond to ping. If I create a policy that allows ICMP, then learning mode is like read-only for creating new rules. Maybe I am missing something?
MichalJ (ESET Staff), Posted April 5, 2017
Your understanding is correct. This is the current design, but we are aware of the problem and are planning to introduce changes in ERA V7 and Endpoint V7 that would allow simultaneous selection of Firewall Rules from ERA, but also by learning mode.
rpnc (Author), Posted April 6, 2017
Thank you for the explanation. Hope ESET has the possibility to implement it sooner ;-)
rpnc (Author), Posted September 29, 2017
I want to bump this topic. For now (hopefully until v7), it's NOT possible to completely secure the firewall of our domain workstations with ERAS. The ONLY option is to trust ESET "Automatic/Learning mode". But this is not enough for our security administrators... How do other administrators deal with this? Is it really just Learning/Automatic mode and "head in the sand"? P.S. Some say: if a solution does not solve the problem, then search for other solutions... Does this mean changing ESET?
bbahes, Posted September 29, 2017
You could try logging in v6 - I. Activate logging of blocked connections: https://support.eset.com/kb3186/?locale=en_US I mainly use third-party tools to get information about which ports processes use. I never use learning mode. This could open many unwanted ports.
Marcos (Administrators), Posted September 29, 2017
Learning mode is ok if you plan to review generated rules. Isn't automatic mode suitable to use on Endpoint on clients? I'm not speaking about computers in DMZ which would need to have the firewall configured strictly.
bbahes, Posted September 29, 2017
1 minute ago, Marcos said: "Learning mode is ok if you plan to review generated rules."
It will be ok when you release v7. But I would love to hear more about that model. Will this finally be some sort of firewall logging?