
"Also evaluate rules from Windows Firewall" and Learning Mode


CMaxinuk


Hi all


Our school installed Security Management Centre 7.2 CentOS and reimaged our Win10 computers with ESET Endpoint Security 7.3.

"Also evaluate rules from Windows Firewall" has been set to Force, but ESET is still blocking many ports that Windows Firewall has enabled/open. If I disable the ESET Endpoint firewall, ping works; when it is enabled, ping doesn't work, even though the rules show Allow for ICMP.


I've now enabled "Learning Mode" but need to disable it before school is back. Learning Mode has opened up ports for OneDrive, Teams and many other things, yet I still can't ping the endpoints.

A few applications/services can't connect when Learning Mode is off. Can ESET allow every port that Windows Firewall allows, without manually adding many rules?


Any help pointing me in the right direction would be greatly appreciated.


Happy festive season :)


Craig


  • Administrators

Couldn't it be that the Windows firewall rules were configured via GPO?


Ping should work from machines in the trusted zone so I'd try adding your local subnet to the trusted zone in the zone setup.


Hi Marcos


Thank you for the reply.

I missed the part that says "GPOs are not Evaluated", so that explains some of the ports that are shut.

We have many ports opened by GPOs, so I guess that I would have to enter them all in manually? 


There are many ports that Windows 10 automatically allows (non-GPO), like OneDrive and Teams. Is there a way to put an Endpoint into Learning Mode, then once it's learnt all the ports, export it to the other Endpoints?


Best Regards


Craig


  • Administrators

Since learning mode creates very specific rules, I'd avoid it so as not to end up with hundreds or thousands of specific rules which would be a mess.

Do you need to block certain outbound communication on clients? Note that any non-initiated inbound communication is blocked by default in automatic mode. I would just make sure that the trusted zone is set up correctly to allow sharing and ping in LAN. In case you use an application on a server that initiates communication with clients, create a permissive rule for the inbound communication.

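To see which inbound Allow rules reach an endpoint only through Group Policy (the ones ESET's "Also evaluate rules from Windows Firewall" does not evaluate, as Marcos points out), an admin can enumerate the RSOP firewall store and export the port/program details needed to build equivalent ESET rules. This is an added example, not ESET's code or anything posted in the thread; it assumes the built-in NetSecurity module (Windows 8 / Server 2012 or later) and an elevated PowerShell session, and the CSV path is an arbitrary choice.

```powershell
# Added example (not ESET's or the poster's code). Lists enabled inbound Allow rules that
# come from Group Policy (PolicyStore RSOP = resultant set of policy), which ESET's
# "Also evaluate rules from Windows Firewall" option does not evaluate. Each entry carries
# the port and program filter so a matching permissive rule can be created in the ESET policy.
# Assumes the NetSecurity module and an elevated session.

function Get-GpoInboundAllowRules {
    [CmdletBinding()]
    param()

    $gpoRules = @(Get-NetFirewallRule -PolicyStore RSOP -Direction Inbound -Action Allow `
                      -Enabled True -ErrorAction SilentlyContinue)

    foreach ($rule in $gpoRules) {
        # Port/ICMP and program filters are separate objects associated with the rule.
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter

        [PSCustomObject]@{
            DisplayName = $rule.DisplayName
            Profile     = $rule.Profile
            Protocol    = $port.Protocol              # TCP, UDP, ICMPv4, ICMPv6, Any
            IcmpType    = $port.IcmpType              # relevant for the ping (ICMP echo) rules
            LocalPort   = ($port.LocalPort -join ',')
            RemotePort  = ($port.RemotePort -join ',')
            Program     = $app.Program
            Source      = $rule.PolicyStoreSource     # GPO path the rule was applied from
        }
    }
}

# Review on screen, then export so the same rule set can be entered once in an ESET policy
# and pushed to every endpoint instead of repeating Learning Mode per machine.
$rules = Get-GpoInboundAllowRules | Sort-Object Protocol, DisplayName
$rules | Format-Table DisplayName, Protocol, LocalPort, Program -AutoSize
$rules | Export-Csv -Path "$env:TEMP\gpo-inbound-allow-rules.csv" -NoTypeInformation
```

Rules whose Protocol is ICMPv4 are the ones to compare against the ESET ICMP rule and the trusted-zone setup when ping still fails with the ESET firewall enabled.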
