beefydog | Posted September 29, 2017
I installed ESET Endpoint Security on a bunch of Windows PCs and, after installation, I noticed, to my horror, that all Remote Desktop ports have been blocked (and I'm many miles away, but VPNed into the network) for all machines. I don't see anywhere in any instructions (the ERA guide) how to make changes to the firewall ports via Policies (to allow RDP in). HELP! Are there ANY instructions, anywhere, that show EXACTLY how to create policies of this nature? I've looked and only see really rudimentary stuff, nothing on ports.

beefydog (Author) | Posted September 29, 2017
OK. I've found in the ERA, under the Admin tab, the ESET Endpoint for Windows policy, then clicked the Firewall tab and see several options:
- Inbound Traffic From the Trusted Zone
- Outbound Traffic To The Trusted Zone
- Inbound Internet Traffic
- Outbound Internet Traffic
Unfortunately, all these options are unselectable (greyed out), so I can't add any ports or applications. Is there no way to turn these on to be able to edit?

beefydog (Author) | Posted September 30, 2017
To make matters worse, remote registry, ICMP and pretty much every single port is being blocked! I'm going to attempt to replace Endpoint with just the antivirus and spend another couple of days figuring out ERA better.

beefydog (Author) | Posted September 30, 2017 (edited September 30, 2017 by beefydog)
Installing the Antivirus got me access back to the machines (whew!). My complaint is that the default policy for the Endpoint is, for some reason, not working properly (it appears to be set to allow RDP connections, ICMP, etc., but none of these rules are applied in the stock policy). I hope future versions correct this bug as it could potentially be an IT disaster for remote administrators! (Competitors' products actually adapt current firewall rules from Windows firewall, which would make more sense. At the very least, ASK if you would like to import Windows firewall rules at installation, or have a mechanism to change rules on the fly. It would save hours of pain.) It would be nice to have the ability to CHANGE a policy without having to completely reinstall the software.

Marcos (Administrators) | Posted September 30, 2017
In automatic mode, all non-initiated inbound traffic is blocked. RDP is allowed in the trusted zone by default. There's a possibility to configure the firewall to honor existing Windows firewall zones and allowing rules, so if you had Windows firewall configured to allow RDP from particular IP addresses, it should work fine then. Also, you can add a new network, set it as a home/office network and also set the desired network parameters for identification. Such a network will be trusted and RDP allowed as mentioned above. Alternatively, you can create an individual firewall rule with the remote IP addresses, allowing the local RDP port, and put the rule at the top to ensure that it will be applied first.

beefydog (Author) | Posted September 30, 2017
The default policy for Endpoint for Windows is "Firewall - Block all traffic except ERA connection" - this is why everything was blocked. I'll be making a new policy and reinstalling Endpoint again after many tests. I did discover the "Also evaluate rules from Windows Firewall" firewall rule. Nice.