CMaxinuk, posted December 18, 2020

Hi all,

Our school installed Security Management Centre 7.2 (CentOS) and reimaged our Win10 computers with ESET Endpoint Security 7.3. "Also evaluate rules from Windows Firewall" has been set to Force, but ESET is still blocking many ports that Windows Firewall has enabled/open. If I disable the ESET Endpoint firewall, ping works; when it's enabled, ping doesn't work, even though the rules show Allow for ICMP.

I've now enabled "Learning Mode" but need to disable it before school is back. Learning Mode has opened up ports for OneDrive, Teams and many other things, yet I still can't ping the endpoints. A few applications/services can't connect when Learning Mode is off. Can ESET allow every port that Windows Firewall allows, without manually adding many rules?

Any help pointing me in the right direction would be greatly appreciated. Happy festive season :)

Craig
Marcos (Administrator), posted December 18, 2020

Couldn't it be that the Windows Firewall rules were configured via GPO? Ping should work from machines in the trusted zone, so I'd try adding your local subnet to the trusted zone in the zone setup.
CMaxinuk (author), posted December 22, 2020

Hi Marcos,

Thank you for the reply. I missed the part that says "GPOs are not evaluated", so that explains some of the ports that are shut. We have many ports opened by GPOs, so I guess I would have to enter them all manually? There are many ports that Windows 10 automatically allows (non-GPO), like OneDrive and Teams. Is there a way to put an endpoint into Learning Mode, then once it's learnt all the ports, export it to the other endpoints?

Best regards,
Craig
Marcos (Administrator), posted December 22, 2020

Since Learning Mode creates very specific rules, I'd avoid it so as not to end up with hundreds or thousands of specific rules, which would be a mess. Do you need to block certain outbound communication on clients? Note that any non-initiated inbound communication is blocked by default in automatic mode. I would just make sure that the trusted zone is set up correctly to allow sharing and ping in the LAN. In case you use an application on a server that initiates communication with clients, create a permissive rule for the inbound communication.
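The practical follow-up to the two posts above is working out which of the endpoint's inbound Allow rules are GPO-sourced (the ones the "Also evaluate rules from Windows Firewall" option does not pick up, per Marcos) versus local, and which rules actually cover ICMP. The script below is an added example, not code from the thread or from ESET; it only reads the Windows Firewall active store using the built-in NetSecurity cmdlets. It assumes Windows 10 with that module present, an elevated PowerShell session, and a domain-joined endpoint so the GPO-applied rules are visible in the active store; the output CSV path is an arbitrary choice.

```powershell
# Added example (not from the thread): inventory enabled inbound Allow rules in
# the Windows Firewall active store and tag each with its source, so the
# GPO-sourced ones (which a third-party firewall skipping GPOs will not see)
# can be recreated explicitly. Assumes Windows 10, NetSecurity module, elevated
# session, domain-joined endpoint. Output path is an assumption.

$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True `
    -Direction Inbound -Action Allow

$report = foreach ($r in $rules) {
    # Port/protocol and program filters are separate objects linked to the rule
    $port = $r | Get-NetFirewallPortFilter
    $app  = $r | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $r.DisplayName
        Profile   = $r.Profile                 # Domain / Private / Public / Any
        Source    = $r.PolicyStoreSourceType   # 'Local' or 'GroupPolicy'
        GpoPath   = $r.PolicyStoreSource       # GPO path when Source is GroupPolicy
        Protocol  = $port.Protocol             # TCP, UDP, ICMPv4, ICMPv6, Any
        LocalPort = ($port.LocalPort -join ',')
        IcmpType  = ($port.IcmpType -join ',')
        Program   = $app.Program
    }
}

# 1) Rules that arrived via Group Policy: these need explicit rules elsewhere.
$gpoRules = $report | Where-Object Source -eq 'GroupPolicy'
"GPO-sourced inbound Allow rules: $($gpoRules.Count)"
$gpoRules | Sort-Object Protocol, LocalPort | Format-Table Name, Profile, Protocol, LocalPort, Program -AutoSize

# 2) Anything that permits ICMP (ping), whatever its source, so the
#    ICMP 'Allow' the poster sees in Windows can be compared with the LAN/trusted
#    zone behaviour on the endpoint firewall.
$report | Where-Object Protocol -match '^ICMP' |
    Format-Table Name, Source, Profile, Protocol, IcmpType -AutoSize

# 3) Export the GPO-sourced set for building the equivalent endpoint rules.
$outFile = Join-Path $env:USERPROFILE 'Desktop\gpo-inbound-allow-rules.csv'
$gpoRules | Export-Csv -Path $outFile -NoTypeInformation
"Written: $outFile"
```

Run it once on a reimaged endpoint that has applied its GPOs; the first table is the list of ports and programs that have to be allowed by hand, and the second table shows whether the ICMP allow the original poster saw is a local rule or one pushed by GPO, which is the distinction Marcos's first reply points to.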