Hello There (Posted April 29, 2022)
Hello all, I have a question regarding ESET Firewall settings. We need to block Internet access but allow one IM app to communicate outside to the world. Also the internal communication needs to be allowed. I created two rules... First of them blocks ports 80 and 443 in both directions, another allows xxx.exe executable file but this is not working at all. A test computer still has full Internet access. Am I missing anything? Thank you for your suggestions.
Marcos, Administrators (Posted April 29, 2022)
Did you add ports 80 and 443 on the Remote tab and specify only the path to the executable on the Local tab?
Hello There, Author (Posted April 29, 2022)
This is the current configuration.
Marcos, Administrators (Posted April 29, 2022)
You must remove ports 80,443 on the Local tab. Local ports are automatically chosen by Windows.
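
Why the ports belong on the Remote tab only, as an added example that is not part of the original thread and does not use ESET's rule engine: the `Rule` class is a simplified, hypothetical model of a port rule, and a loopback listener stands in for the web server so the script runs offline.

```python
import socket
from dataclasses import dataclass
from typing import FrozenSet, Optional

WEB_PORTS = frozenset({80, 443})


@dataclass(frozen=True)
class Rule:
    """Hypothetical port rule: None on a side means 'any port'."""
    name: str
    local_ports: Optional[FrozenSet[int]]
    remote_ports: Optional[FrozenSet[int]]

    def matches(self, local_port: int, remote_port: int) -> bool:
        local_ok = self.local_ports is None or local_port in self.local_ports
        remote_ok = self.remote_ports is None or remote_port in self.remote_ports
        return local_ok and remote_ok


def os_assigned_local_port() -> int:
    """Make a real outbound TCP connection (to a loopback listener) and
    return the source port the operating system picked for the client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind(("127.0.0.1", 0))
        server.listen(1)
        with socket.create_connection(server.getsockname(), timeout=5) as client:
            return client.getsockname()[1]


# Rule as first configured in the thread: 80/443 on both tabs.
BOTH_TABS = Rule("block web (ports on Local and Remote)", WEB_PORTS, WEB_PORTS)
# Rule after the correction: 80/443 on the Remote tab only.
REMOTE_ONLY = Rule("block web (ports on Remote only)", None, WEB_PORTS)


def evaluate(remote_port: int = 443) -> dict:
    """Check both rules against a browser-style connection to remote_port."""
    local_port = os_assigned_local_port()
    return {
        "local_port": local_port,
        "both_tabs_matches": BOTH_TABS.matches(local_port, remote_port),
        "remote_only_matches": REMOTE_ONLY.matches(local_port, remote_port),
    }


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key}: {value}")
```

The client's source port comes from the operating system's ephemeral range, so the rule that also lists 80/443 on the local side never matches outbound web traffic, while the remote-only rule does.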
Hello There, Author (Posted April 29, 2022)
I removed them from the Local tab but still no joy. The test computer still has Internet access.
Marcos, Administrators (Posted April 29, 2022)
Please provide logs collected with ESET Log Collector from such machine.
Hello There, Author (Posted April 29, 2022)
Here you are... Use 159753 eea_logs.rar
Marcos, Administrators, Solution (Posted April 29, 2022)
You have installed ESET Endpoint Antivirus (EEA), not ESET Endpoint Security which also contains a firewall. Therefore firewall settings cannot be applied to EEA. For improved protection from possible attackers disabling ESET, I'd recommend:
- enabling detection of potentially unsafe applications
- locking up real-time and HIPS settings by a policy, especially if settings are not password protected.
Hello There, Author (Posted April 29, 2022)
Oh, that's the reason, ok, I will try that again with ESET Endpoint Security. And this is a test policy so a password is not configured.
Hello There, Author (Posted May 2, 2022)
Ok, another problem showed up. I switched from ESET Antivirus to ESET Security but now I cannot use VNC... How to make an exception for this program?
Marcos, Administrators (Posted May 2, 2022)
You have several options:
1. Manually create an inbound permissive rule for VNC
2. Run the Firewall troubleshooting wizard to unblock the desired communication
3. Switch the firewall to learning mode for a while until the necessary rule is created automatically.
Hello There, Author (Posted May 2, 2022)
I already created a rule for this and it works but the firewall troubleshooting wizard sounds interesting... How can I use it? Anyway, after moving to ESET Security, Internet access is blocked and IM application seems to be working! Thanks.
Marcos, Administrators (Posted May 2, 2022)
The firewall troubleshooting wizard provides a list of recently blocked communications with an option to unblock the desired ones with a few clicks. The wizard can be accessed only locally, not from the administration console. What you could do is remote to the machine to access it and unblock the desired communication and then request the configuration from the management console which you could then convert to a policy for instance.
Hello There, Author (Posted May 2, 2022)
Nice. Where can I find this list in ESET Security on a client device?
Marcos, Administrators (Posted May 2, 2022)
Hello There, Author (Posted May 2, 2022)
Thank you very much!