Firewall problem with medical instrument software

[ClearOpt 0]

I have an optometry practice with a network of 8 or so computers, which has been running (mostly) happily under the protection of various versions of Smart Security for a few years now.  About 6 months ago I purchased a new piece of eye-testing equipment (an OCT scanner) which came with it's own PC and software - the instrument does it's thing and the software is used to view the results.  As I have multiple consulting rooms the software was installed on a couple of other PCs so that results could be viewed on them as well and everything was working fine until it occurred to me last week that there was no security software on the PC connected to the OCT.  I duly purchased another license and installed Smart Security 7 and now I can no longer access the software from the PCs in the other consulting rooms.  I've tried creating a rule on all the computers in question to allow the application, but this unfortunately hasn't worked.  I've also tried running Smart Security in interactive mode, and this results in a pop-up appearing on the OCT's PC when another PC tries to access it, however if I click on 'allow' and 'remember this rule' I get a warning stating that the rule is too general.

 

This is creating significant workflow issues, and unfortunately the OCT's software developer hasn't been able to suggest a solution.  Does allowing a rule that is too general create significant risks?

 

Any help much appreciated.

[Marcos 5,070]

Does temporarily disabling the firewall via gui resolves the issue? If so, does switching the firewall to learning mode for a while until all necessary rules are created automatically help?

[Arakasi 549]

Since your Smart Security allows the installation and use of Nod32, i would recommend it in this situation using medical equipment creating network traffic back and forth.

It will save you a lot of headaches.

 

If you would like to continue use of ESET's firewall, proceed as Marcos suggested in trying learning mode for a moment to create necessary rules, then switch back to auto.

.

[ClearOpt 0]

Thanks for the replies.  Disabling the firewall does resolve the issue, but when I switch to learning mode and attempt to create a rule, I get the warning that "This rule is too general".  Am I safe to ignore this warning and create the rule anyway?  What sort of compromise in security might this create?

 

Arakasi, can you advise how installing Nod32 will help with the issue?

[Arakasi 549]

Because it doesnt conatain the firewall and thus all these issues wouldnt be at your doorstep.

You could utilize the built in firewall of windows which would be less strict.

Keep in mind if you have a router at your office it contains a firewall already for everything outside the DMZ and some connections inside the lan should there be any local threats.

While windows firewall is not as great as ESET, it works well for file sharing and open network resources inside the lan or dmz.

[Marcos 5,070]

In learning mode, rules are created automatically. You should get a warning that a rule is too general only if you attempt to create it manually. That said, I assume that learning mode doesn't create a rule for the medical instrument software automatically.

If that's the case, continue as follows:

- enable logging of blocked connections in the IDS setup

- clear the firewall log

- reproduce the problem

- post your firewall log records here. If it contains too many records, export the log to a text file and attach it to a post.

[ClearOpt 0]

The warning about the rule being too general was from an automatically generated rule - when I tried to access the 'server' OCT PC from one of the other workstation PCs.  I have limited time today, but I'll try to work through the procedure you advised and post the firewall log records as soon as I can.

[ClearOpt 0]

I was trying to find where to set up logging of blocked connections and discovered that I actually had the firewall set to interactive rather than learning mode.  I changed it to learning mode and the was able to connect, and a new rule appeared to be generated, so apologies for the mix-up and wasting people's time.  My only concern now is could the rule that was generated automatically be "too general" given I received that warning for what was presumably the same rule in interactive mode?

[Marcos 5,070]

Rules created automatically in learning mode shouldn't be too general. You can check the rule(s) in the rule editor and adjust them, if necessary.