Aim2018 0 Posted October 22, 2018 Share Posted October 22, 2018 Hi, I was trying to run vbscript remotely from allowed remote host . In firewall rules port 135 ,1026-1029,445 are opened apart from that I have policies like attached But it is giving the error remote connection failed Please help Thanks Link to comment Share on other sites More sharing options...
Hpoonis 7 Posted October 22, 2018 Share Posted October 22, 2018 If they are evaluated in order, you allow one address then deny any. Try deny first then allow second. Link to comment Share on other sites More sharing options...
Aim2018 0 Posted October 22, 2018 Author Share Posted October 22, 2018 Hi, "Try deny first then allow second. " I tried the above but did not help Thanks Link to comment Share on other sites More sharing options...
itman 1,748 Posted October 22, 2018 Share Posted October 22, 2018 (edited) To begin with, Eset's firewall evaluates rule from top to bottom order. Unless the user rules you added were placed at the top of the existing rule set, it can be assumed that existing Eset default firewall rules are overriding your custom rules. Appears you are trying to use RPC for your remote connection activity? Eset already has default rules for that. However, the default rules only allow inbound RPC activity for IP addresses listed in the "Trusted" zone. You should review the existing Eset default rules in regards to "Trusted" zone activity. If those meet your security policy criteria, the simple solution is to add the local network IP address shown in your screen shot to the "Trusted" zone. Edited October 22, 2018 by itman Link to comment Share on other sites More sharing options...
Aim2018 0 Posted October 22, 2018 Author Share Posted October 22, 2018 Hi, Thanks for the reply I am planning to use the HIPS rules (and also the firewall rules mentioned in the discussion ) from the below link to protect from ransomeware . https://techcenter.eset.nl/kb/articles/configure-hips-rules-for-eset-business-products-to-protect-against-ransomware For software deployment I am using pdq ,manageengine and sccm also which basically uses custom vb and powershell scripts I want to exclude those deployment from the hips and the firewall rules Please advise Thanks Link to comment Share on other sites More sharing options...
Recommended Posts