ESET firewall vs Windows 10 firewall


KenyGomez

I need more information about differences (in detail i.e. Windows 10 firewall stores its rules in the Registry) between ESET Endpoint Security firewall and Windows 10 firewall. I am trying to convince my boss to use ESET firewall instead of Windows 10 firewall. I also would like to know what other features may be disabled if you disable only ESET firewall, i.e. IDS.
If you may also have any statistical information that I can use to say that only a firewall at the perimeter is not enough (talking about firewall related threats).

14 minutes ago, KenyGomez said:

I need more information about differences (in detail i.e. Windows 10 firewall stores its rules in the Registry) between ESET Endpoint Security firewall and Windows 10 firewall. I am trying to convince my boss to use ESET firewall instead of Windows 10 firewall. I also would like to know what other features may be disabled if you disable only ESET firewall, i.e. IDS.

To begin, the Eset firewall and IDS are separate components within its Network Protection component. IDS is conditioned by network packet filtering rules and like intrusion detection rules that monitor for abuse of protocols commonly used by remote attackers. The Eset firewall component monitoring parallels that of the Win firewall in that app network use of protocols and ports is being monitored. It differs from the Win firewall in that it has full user interaction capability of outbound Internet traffic whereas the Win firewall only supports logging capability.

In Eset default configuration, the Eset firewall will also defer to existing Win firewall inbound rules unless an Eset firewall rule exists that specifically blocks that network traffic. This greatly simplifies Win 10 Store apps use whose program names constantly change with each update of the app. 

Also note that Windows desktop versions do not natively contain an IDS component. There is limited network monitoring capability but only if Windows Defender is used as the AV solution.

My recommendation for corporate networks is that a network perimeter firewall appliance also be deployed for maximum security.

 

  • Administrators

Also one of the advantages of ESET's firewall is that you can isolate particular machines from network either via the ESMC console or using dynamic groups, e.g. with computers with unresolved threats. If a computer has an unresolved threat, it's possible to isolate it automatically until the threat is resolved.

With ESET Enterprise Inspector, the ESET firewall enables getting details about network communication that can be used in detection rules, e.g.:

image.png

There are also some other bells and whistles, such as detection of trusted networks based on various criteria, e.g. wifi with WPA2. It's also possible to use authentication by ESET Authentication Server. You just install it, generate a private and public key and then any computer in the network with a correct public key configured will trust the network.


21 minutes ago, itman said:

To begin, the Eset firewall and IDS are separate components within its Network Protection component. IDS is conditioned by network packet filtering rules and like intrusion detection rules that monitor for abuse of protocols commonly used by remote attackers. The Eset firewall component monitoring parallels that of the Win firewall in that app network use of protocols and ports is being monitored. It differs from the Win firewall in that it has full user interaction capability of outbound Internet traffic whereas the Win firewall only supports logging capability.

In Eset default configuration, the Eset firewall will also defer to existing Win firewall inbound rules unless an Eset firewall rule exists that specifically blocks that network traffic. This greatly simplifies Win 10 Store apps use whose program names constantly change with each update of the app. 

Also note that Windows desktop versions do not natively contain an IDS component. There is limited network monitoring capability but only if Windows Defender is used as the AV solution.

My recommendation for corporate networks is that a network perimeter firewall appliance also be deployed for maximum security.

 

Maybe I wasn't clear enough. What I need is a reason to enable ESET firewall instead of Windows 10 firewall. And I also would like to have information that confirms that a perimeter firewall isn't enough for enterprise security.

What they say is "if it's working (without ESET firewall) leave it" (do you have any good reason to enable ESET firewall?), or "we already have a perimeter firewall", as if that will protect from LAN originated threats.

So, what would be a good reason to enable ESET firewall? Because we work with business or enterprise software we are not interested that the firewall have full user interaction capabilities of outbound internet traffic. So is there any advantage? If there is no other feature that is disabled when you disable ESET firewall, then the only good reasons that I can think are:

1. More security. If the company doesn't have another management software or doesn't use any built-in Windows features to manage firewalls, then enabling ESET firewall will give you a better way to manage them (i.e. configurations, alerts, etc.).

2. It will be less easy for a hacker to change firewall rules if the ESET configuration is locked and the rules also aren't in the Windows registry.

Is there anything else you may know that can help me to convince to have ESET firewall enabled instead of using windows 10 firewall?

The other question I have... Is the ability to block incoming attacks or block specific vulnerabilities a built-in ESET firewall feature (i.e. if it is disabled, it won't block that)? If it is, then that's another big reason to enable ESET firewall instead of using Windows 10 firewall.

1 hour ago, Marcos said:

Also one of the advantages of ESET's firewall is that you can isolate particular machines from network either via the ESMC console or using dynamic groups, e.g. with computers with unresolved threats. If a computer has an unresolved threat, it's possible to isolate it automatically until the threat is resolved.

With ESET Enterprise Inspector, the ESET firewall enables getting details about network communication that can be used in detection rules, e.g.:

image.png

There are also some other bells and whistles, such as detection of trusted networks based on various criteria, e.g. wifi with WPA2. It's also possible to use authentication by ESET Authentication Server. You just install it, generate a private and public key and then any computer in the network with a correct public key configured will trust the network.

Thanks Marcos! That helps and it's part of the pros for ESET firewall management.

  • Administrators

Also the known networks in the firewall setup can be used in the update setup to assign different update profiles to different networks:

image.png

This topic is now closed to further replies.