how to block inbound remote printing

[mikechan 0]

Hi, 

I use Eset Endpoint Security 8.0.2028.0. How to block inbound remote printing?

Thanks,

Mike

[Marcos 5,070]

You can temporarily switch the firewall to interactive mode and print a test page remotely. When asked about the communication, choose Block and tick the appropriate check-box to create a new rule. Afterwards you can switch back to automatic fw mode.

[labynko 5]

 

[labynko 5]

The Print Spooler service uses a port from the dynamic range and is allocated by default in Windows Vista and newer, starting at 49152.
To block it correctly, you need to change the dynamic range to your own.
Here is an example of the range from 9000 to 9099: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
"Ports"=hex(7):39,00,30,00,30,00,30,00,2d,00,39,00,31,00,35,00,31,00,00,00,00,00
"PortsInternetAvailable"="Y"
"UseInternetPorts"="Y"

After reboot, the Print Spooler service will reserve a port in the range 9000 - 9099.
This range will need to be blocked for incoming connections.

[itman 1,659]

This article: https://www.kb.cert.org/vuls/id/383432 is the best I have found to determine if your still exploitable after applying the recent MS patch. Of note is the use of flowchart check steps.  Follow the steps to determine proper mitigation to apply for current status unpatched remote printing vulnerability.