j-gray, posted November 27, 2018

We successfully upgraded our server to v7 and we've upgraded some OS X and Windows agents to the latest versions, so far without issue.

However, after upgrading Windows antivirus to the latest version, they are all showing an alert in the console: "Protocol filtering is disabled". The alert shows the subproduct as 'Firewall'. However, the Firewall is completely disabled via policy. Further, this alert does not show on Windows clients with an earlier version of antivirus (e.g. 6.x).

The client shows no errors in the GUI. Where in the policies can I fix this?
Marcos (Administrators), posted November 27, 2018

Protocol filtering in Endpoint for Windows can be enabled here:
j-gray, posted November 28, 2018

17 hours ago, Marcos said: "Protocol filtering in Endpoint for Windows can be enabled here:"

Thanks for the reply. That's confusing; the error specifies Firewall, but it's actually specific to Web and Email components. Also appears to only trigger for v7 clients and not earlier versions, despite the same policy on both versions.

Regardless, we have Web and Email components disabled, as well as Firewall and Content Filtering. Seems we should not get errors/warnings for something we've intentionally disabled. It would be another story if it was enabled but not functioning properly...
Marcos (Administrators), posted November 28, 2018

The protocol filter is technically a part of the firewall, which is also partially included in ESET's antivirus product and serves for filtering application protocols. It is vital to have it enabled at least on machines with a connection to the Internet. By disabling protocol filtering you would lose the following with regard to HTTP(S):

- the ability to block malicious, phishing and scam websites as well as legitimate hacked websites with malicious code injected
- the ability to detect malware before it reaches the disk / memory
- the ability to scan downloaded archives internally on the fly
- the ability to scan downloaded files using more aggressive detections
- the ability to block exploits exploiting vulnerabilities in supported application protocols.

Because of its importance, as of v7 Endpoint notifies the user by changing the protection status if protocol filtering is disabled. Of course, this can be suppressed through Application statuses setup, but we strongly recommend keeping the feature turned on.