ESET Firewall blocking ESET's agent deployment.

[Lafkis 0]

Hello. I am having some difficulties deploying agents to our companies computers. We've got around 80 computers, but only 13 computers successfully deployed using Server Task, and another 11 got deployed using GPO. Most of the computers are either at colleagues houses (Connected with VPN), or are in 24/7 use, so restart is not an option for most of the time, and it would be too time consuming.

 

I noticed that the ESET's built in Firewall is blocking Ping from computer to computer, itself. 

i.e. tried to ping ESET Protect server (10.0.x.1x) from my own computer (10.0.x.2x) and the pings timed out - as soon as I disabled firewall through ESET Antivirus on my own computer, I could ping again, and Agent deployed normally. Is it possible to MASS disable firewall on all users Remotely, to connect Agents, and then enable it back again, or maybe Exclude Servers IP address from firewall from ESET Protect?  

 

Would like to exclude 10.0.x.1x - ESET Protect Server

 

It rarely succeeds to connect through, but 90% it fails. Any help would be appreciated.

 

TL;DR

ESET Firewall blocks ping from computer to server - need a workaround to either disable firewall to deploy agents, and would like to do this on a scale, as we've got around 80-90 computers, and most of them are at home (they are all on VPN's connected straight to our Server) and not on location or some other kind of workaround on this.

 

Any help would be appreciated. 

Thanks in advance.

[Lafkis 0]

EDIT:

ESET PROTECT (Server), Version 8.0 (8.0.1258.0)
ESET PROTECT (Web Console), Version 8.0 (8.0.191.0)

Microsoft Windows Server 2012 R2 Standard (64-bit), Version 6.3.9600.19995

 

 

Most of the client OS versions: Windows 10 Pro ver. 1909 / 20H2

Most of the client ESET Endpoint Antivirus versions: 6.5 / 8.0.2 ( in that range)

[Marcos 5,070]

Did you install ESET Endpoint Security on clients prior to preparing the ESET PROTECT server? In that case configuring the firewall remotely is not possible.

Instead of disabling the firewall you should just add its IP address (or better the whole subnet) to the trusted zone in which ping and sharing is enabled.

[Lafkis 0]

11 minutes ago, Marcos said:

Did you install ESET Endpoint Security on clients prior to preparing the ESET PROTECT server? In that case configuring the firewall remotely is not possible.

Instead of disabling the firewall you should just add its IP address (or better the whole subnet) to the trusted zone in which ping and sharing is enabled.

We've been using ESET Endpoint Security on clients for over a year now, and just last week started using ESET PROTECT. 

 

About adding IP address to the trusted zone - how one would do that? and as I understood, I need to do this to every single client one by one?

 

Thanks for the quick response.

[Marcos 5,070]

By default known networks use Windows firewall settings:

However, you can explicitly define the trusted zone in the Zone setup:

I'd suggest checking on one machine if adding the ESET PROTECT IP address or the whole subnet to the trusted zone actually makes a difference when deploying the agent.

Is there a problem deploying the agent via GPO? This should not be affected by the firewall I assume.