Jump to content

Protocol filtering is disabled after upgrade to v7

j-gray
 Share

Recommended Posts

j-gray

j-gray 35

Posted
Posted

We successfully upgraded our server to v7 and we've upgraded some OS X and Windows agents to the latest versions, so far without issue.

However, after upgrading Windows antivirus to the latest version, they are all showing an alert in the console: "Protocol filtering is disabled".

The alert shows the subproduct as 'Firewall'. However, the Firewall is completely disabled via policy. Further, this alert does not show on Windows clients with earlier version of antivirus (e.g. 6.x). The client shows no errors in the GUI.

Where in the policies can I fix this?

Link to comment
Share on other sites
j-gray

j-gray 35

Posted
  • Author
Posted
17 hours ago, Marcos said:

Protocol filtering in Endpoint for Windows can be enabled here:

image.png

Thanks for the reply.  That's confusing; the error specifies Firewall, but it's actually specific to Web and Email components. Also appears to only trigger for v7 clients and not earlier version, despite the same policy on both versions.

Regardless, we have Web and Email components disabled, as well as Firewall and Content Filtering.  Seems we should not get errors/warning for something we've intentionally disabled.  It would be another story if it was enabled but not functioning properly...

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

The protocol filter is technically a part of firewall which is also partially included in ESET's antivirus product and serves for filtering application protocols.

It is vital to have it enabled at least on machines with connection to the Internet. By disabling protocol filtering you would lose the following with regard to HTTP(S):
- the ability to block malicious, phishing and scam websites as well as legitimate hacked websites with a malicious code injected
- the ability to detect malware before it reaches the disk / memory
- the ability to scan downloaded archives internally on the fly
- the ability to scan downloaded files using more aggressive detections
- the ability to block exploits exploiting vulnerabilities in supported application protocols.

Because of its importance, as of v7 Endpoint notifies the user by changing the protection status if protocol filtering is disabled. Of course, this can be suppressed through Application statuses setup but we strongly recommend keeping the feature turned on.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...