firewall policy and remote access

[Aim2018 0]

Hi,
I was trying to run vbscript remotely from allowed remote host  . In firewall  rules  port 135 ,1026-1029,445 are opened 
apart from that I have policies like attached 

But it is giving the error remote connection failed 

 

Please help 

 

Thanks 

 

[Hpoonis 7]

If they are evaluated in order, you allow one address then deny any. Try deny first then allow second.

[Aim2018 0]

Hi,

"Try deny first then allow second. " 

I tried the above but did not help 

Thanks 

[itman 1,739]

To begin with, Eset's firewall evaluates rule from top to bottom order. Unless the user rules you added were placed at the top of the existing rule set, it can be assumed that existing Eset default firewall rules are overriding your custom rules.

Appears you are trying to use RPC for your remote connection activity? Eset already has default rules for that. However, the default rules only allow inbound RPC activity for IP addresses listed in the "Trusted" zone.

You should review the existing Eset default rules in regards to "Trusted" zone activity. If those meet your security policy criteria, the simple solution is to add the local network IP address shown in your screen shot to the "Trusted" zone.

Edited October 22, 2018 by itman

[Aim2018 0]

Hi,

Thanks for the  reply 
I am planning to use  the  HIPS rules  (and also the  firewall  rules mentioned in the discussion ) from the  below link  to protect from ransomeware . 

https://techcenter.eset.nl/kb/articles/configure-hips-rules-for-eset-business-products-to-protect-against-ransomware

For software deployment I am using pdq ,manageengine and sccm also  which basically uses custom vb and powershell scripts 

I want to exclude  those deployment from the hips and the firewall rules 

Please advise 

Thanks