Jump to content

White list not working on AnyDesk's domain.


paul.f
 Share

Recommended Posts

I have a computer that I white list the domains the user is able to access, this has been working fine for hundreds of websites. 

Today I tried to white list *anydesk.com* and it didn't work, so I turned on the notification message on the blocked list (*.*) to see what was going on and I noticed that the domain anydesk.com resolves into many different IP addresses when the app anydesk is launched.

Bottom line, I can't be white listing every single IP address instead of the domain, and these IPs may change in the future. I need to white list *anydesk.com and I need ESET Endpoint Security to understand that when I launch the app and let it go instead of blocking it.

Is there a setting that has to be toggled in order to fix this?

Link to comment
Share on other sites

  • Administrators

It doesn't matter if a domain resolves to a particular IP address or multiple IP addresses. Adding "*anydesk.com*" to the list of allowed addresses will allow it in case you have "*" in the list of blocked addresses for instance.

Link to comment
Share on other sites

30 minutes ago, Marcos said:

It doesn't matter if a domain resolves to a particular IP address or multiple IP addresses. Adding "*anydesk.com*" to the list of allowed addresses will allow it in case you have "*" in the list of blocked addresses for instance.

Thank you, that's what I was expecting to happen but instead I get the denied notifications, I tried browsing the IP addresses that get denied and all of them resolve to anydesk.com.

I'll make a video do demonstrate it.

Link to comment
Share on other sites

1 hour ago, Marcos said:

For me it works like a charm.

Yeah the website loads fine, but the app doesn't, it won't connect to the servers thus rendering it useless.

Link to comment
Share on other sites

  • Administrators

For applications you should use firewall rules to control access to particular IP addresses. The URL management is basically meant for browsers only.

Link to comment
Share on other sites

44 minutes ago, Marcos said:

For applications you should use firewall rules to control access to particular IP addresses. The URL management is basically meant for browsers only.

The firewall rules from my understanding are to block/unblock an specific app, the anydesk was not blocked there and adding an allow rule made no difference. From my understanding the purpose of the firewall rules is different than then white-list feature which takes precedence over it, in other words if the app can't go through the white-list then the app specific firewall rules are useless.

Edited by paul.f
Link to comment
Share on other sites

  • ESET Staff

This seems like an issue we are already aware of.
Please proceed as described here: https://support.eset.com/kb7272/ , but please enable Protocol filtering advanced logging as well. Don't forget to disable logging before Part II.
Then please send me the created logs via PM.

Then, you can try if changing this setting makes any difference:
F5 -> Web and email -> Web access protection -> Web protocols -> Ports used by HTTPS protocol
Change the current value (I expect there is 443, 0-65535) to 443.
We don't need any logs from the state when the setting is changed, at least for now.

Thanks.

Link to comment
Share on other sites

 

Quote

Then please send me the created logs via PM.

Thank you, the log was sent to you via PM.

 

Quote

F5 -> Web and email -> Web access protection -> Web protocols -> Ports used by HTTPS protocol

That did the trick! AnyDesk worked perfectly after narrowing down the ports to 443 only instead of "443, 0-65535".

 

Link to comment
Share on other sites

  • ESET Staff

As I expected, this is a known issue. It's already fixed in the Internet protection module version 1382, which is currently in testing.
Unfortunately it will take some time until it's released for your version of ESET Endpoint Antivirus. The fixed module will download automatically then.
Until that time, you can keep using the value of 443 for Ports used by HTTPS protocol; alternatively, you can try the less invasive change of the default value with the value of "443, 0-79, 81-65535" or "443, 0-79, 81-6567, 6569-65535"

Link to comment
Share on other sites

2 hours ago, Posolsvetla said:

As I expected, this is a known issue. It's already fixed in the Internet protection module version 1382, which is currently in testing.
Unfortunately it will take some time until it's released for your version of ESET Endpoint Antivirus. The fixed module will download automatically then.
Until that time, you can keep using the value of 443 for Ports used by HTTPS protocol; alternatively, you can try the less invasive change of the default value with the value of "443, 0-79, 81-65535" or "443, 0-79, 81-6567, 6569-65535"

That sounds good enough for now, thank you.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...