Jeff McNabney, Posted August 11, 2021

Endpoint 8.1 Firewall was blocking RDP requests on too many local PCs, so a single custom Policy with a single entry for RDP was added via ESET Protect and associated to the group with all the Windows installs of Endpoint 8.1. After that, no PC in that group would allow local unblocks ["unblocking error"] of any other port or service, which became another problem for wireless Remote displays.

Is this correct behaviour? Does a single custom policy disable all other port unblocking features at the client end? Is there a better way around this? If the Endpoint firewall is disabled as a workaround, is the Windows Firewall still active, or has Endpoint assumed ALL control of firewall protection?
Marcos (Administrators), Posted August 11, 2021

If you want firewall rules set by a policy to take precedence over local rules set up locally by users, select "Prepend" as shown below:

RDP is allowed in the Trusted zone by default. An alternate solution would be to set up the trusted zone properly.
dtech8, Posted August 12, 2021

How do you configure the Trusted Zone? Our endpoint clients should be in the Trusted Zone when they're in the Domain network, but I can't find a way to set it up. Thanks
Jeff McNabney (Author), Posted August 16, 2021

I know how to set up the Trusted Zone, but do I configure it at the default policy firewall settings via the management console and assign it to the Windows group, or do I configure it at the client end for each PC? If I edit the default Windows computer policy to change the trusted zone, and apply it, again will all the PCs lose the ability to add local unblocks?

I'm still not clear on whether policies are being applied from the management console by default or not. Obviously out of the box many of my users, including myself, had RDP blocked by default after upgrading from v7 to v8, so it was not open by default. If I enable ANY policy at the management console, will it block ALL the clients from adding local blocks for ports?
Marcos (Administrators), Posted August 18, 2021

By default no policies are applied to clients. Some settings that contain a list of items can be applied in 3 ways: replace, append, prepend. While replace will lock particular settings (lists), append will append the policy to local settings (i.e. make local user settings supersede the policy) and likewise prepend will make the policy supersede the local user settings (lists).
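A simplified model of the three list modes described in the reply above, as an added example that is not from the thread or from ESET. It assumes rules are evaluated top to bottom with the first match winning and unmatched traffic blocked; the rule names, ports and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"
    source: str           # "policy" or "local"

def merge(policy: List[Rule], local: List[Rule], mode: str) -> List[Rule]:
    """Effective rule list on the client for one policy-managed list."""
    if mode == "replace":   # policy list only; local entries are locked out
        return list(policy)
    if mode == "append":    # policy entries are placed after local entries
        return list(local) + list(policy)
    if mode == "prepend":   # policy entries are placed before local entries
        return list(policy) + list(local)
    raise ValueError(f"unknown mode: {mode}")

def decide(rules: List[Rule], port: int, default: str = "deny") -> str:
    """Assumed first-match evaluation: the first rule covering the port wins."""
    for r in rules:
        if r.port is None or r.port == port:
            return f"{r.action} ({r.source}: {r.name})"
    return f"{default} (no rule)"  # assumed default: unmatched inbound is blocked

# Constructed sample data, not taken from the thread.
POLICY = [Rule("Allow RDP", 3389, "allow", "policy")]
LOCAL = [
    Rule("Block RDP", 3389, "deny", "local"),
    Rule("Allow wireless display", 7250, "allow", "local"),
]

def outcomes(mode: str) -> Dict[int, str]:
    """Decision for each sample port under the given list mode."""
    rules = merge(POLICY, LOCAL, mode)
    return {port: decide(rules, port) for port in (3389, 7250)}

if __name__ == "__main__":
    for mode in ("replace", "append", "prepend"):
        print(mode, outcomes(mode))
```

In this model, "replace" leaves the locally added wireless display rule without effect, "append" lets the local RDP block win over the policy, and "prepend" enforces the policy's RDP rule while still honouring the local rule.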