
Remote Desktop blocked after Endpoint Security install HELP!!


beefydog


I installed ESET Endpoint Security on a bunch of Windows PCs and, after installation, I noticed, to my horror, that all Remote Desktop ports have been blocked (and I'm many miles away, but VPNed into the network) for all machines. I don't see anywhere in any instructions (the ERA guide) how to make changes to the firewall ports via Policies (to allow RDP in).
HELP! Are there ANY instructions, anywhere, that show EXACTLY how to create policies of this nature - I've looked and only see really rudimentary stuff - nothing on ports?


Ok. I've found in the ERA, under the Admin tab, the ESET Endpoint for Windows policy, then clicked the Firewall tab and see several options:
Inbound Traffic From the Trusted Zone
Outbound Traffic To The Trusted Zone
Inbound Internet Traffic
Outbound Internet Traffic
Unfortunately, all these options are unselectable (greyed out) - so I can't add any ports nor applications.
Is there no way to turn these on to be able to edit?


To make matters worse, remote registry, ICMP and pretty much every single port is being blocked! I'm going to attempt to replace Endpoint with just the antivirus and spend another couple of days figuring out ERA better.


Installing the Antivirus got me access back to the machines (whew!).  My complaint is that the default policy for the Endpoint is, for some reason, not working properly (it appears to be set to allow RDP connections, ICMP, etc, but none of these rules are applied in the stock policy).  I hope future versions correct this bug as it could potentially be an IT disaster (Competitor's products actually adapt current firewall rules from Windows firewall - which would make more sense - at the very least, ASK if you would like to import Windows firewall rules at installation - or have a mechanism to change rules on the fly - it would save hours of pain) for remote administrators!  It would be nice to have the ability to CHANGE a policy without having to completely reinstall the software.

Edited by beefydog

  • Administrators

In automatic mode, all non-initiated inbound traffic is blocked. RDP is allowed in trusted zone by default.

There's a possibility to configure the firewall to honor existing Windows firewall zones and allow rules, so if you had Windows firewall configured to allow RDP from particular IP addresses, it should work fine then.

Also, you can add a new network, set it as a home/office network and also set the desired network parameters for identification. Such a network will be trusted and RDP allowed as mentioned above.

Alternatively, you can create an individual firewall rule with remote IP addresses, allowing the local RDP port, and put the rule at the top to ensure that it will be applied first.


The default policy for Endpoint for Windows is "Firewall - Block all traffic except ERA connection" - this is why everything was blocked.
I'll be making a new policy and reinstalling Endpoint again after many tests.
I did discover the "Also evaluate rules from Windows Firewall" firewall rule. Nice.

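An added example, not part of the thread and not ESET's own tooling: a PowerShell check to run against a few pilot machines after a firewall policy is applied, so a lockout like the one described above shows up on a pilot host before a wider rollout. It also lists the Windows Firewall allow rules that cover RDP, which is the rule set the "Also evaluate rules from Windows Firewall" option mentioned above refers to. The host names are placeholders, and port 3389 (the default RDP port) is an assumption about the environment.

```powershell
# Added example. Host names are placeholders; 3389 is the default RDP port.

function Test-RdpReachable {
    # Run from the admin workstation against the pilot machines.
    param([string[]]$ComputerName, [int]$Port = 3389)
    foreach ($name in $ComputerName) {
        $tcp = Test-NetConnection -ComputerName $name -Port $Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Host       = $name
            Ping       = Test-Connection -ComputerName $name -Count 1 -Quiet   # ICMP echo
            RdpTcpOpen = $tcp.TcpTestSucceeded                                 # TCP connect to RDP
        }
    }
}

function Get-RdpAllowRule {
    # Run locally on an endpoint: enabled inbound allow rules in Windows
    # Firewall that cover the RDP port, with the remote addresses they permit.
    param([int]$Port = 3389)
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$Port" } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ', '
            }
        }
}

$pilot  = @('PILOT-PC-01', 'PILOT-PC-02')   # placeholder pilot hosts
$result = Test-RdpReachable -ComputerName $pilot
$result | Format-Table -AutoSize

# Stop the rollout if any pilot host lost inbound RDP.
$blocked = @($result | Where-Object { -not $_.RdpTcpOpen })
if ($blocked.Count -gt 0) {
    Write-Warning "RDP unreachable on: $($blocked.Host -join ', '). Hold the rollout."
    exit 1
}
```

Run `Get-RdpAllowRule` on an endpoint before the install to record which remote addresses Windows Firewall already permits for RDP; a `RemoteAddress` of `Any` means the rule is not scoped to particular IP addresses.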
