Jump to content
An upgrade will take place on June 18, 2024 during the midday hours (UTC). The Forum will not be accessible for a short period of time. ×

Help required to make a policy to allow eset agents report to the eset protect


Go to solution Solved by Marcos,

Recommended Posts

if we setup an eset protect server with eset endpoint security or eset file security installed on the same machine, then the first thing we notice is that eset agents in the network do not report to the server by default, until put off the firewall.

can somebody please help me define a policy to allow eset traffic, (on the eset protect server machine with either windows 10/11 OS or server OS) that includes agent communication, epns - wake up calls, http proxy or eset bridge, web console etc.

i also feel that this should have been allowed by default using a built in policy.

Link to comment
Share on other sites

it is eset firewall from eset endpoint security on a windows 10 m/c used for eset protect installation.

the expectation is that eset communication must be allowed by default, but no, it does not happen. the agents start reporting to server only after the eset firewall is switched off.

Link to comment
Share on other sites

  • Administrators

It should work unless you've changed default ports or created a blocking rule that was put above default (built-in) rules.

Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reboot the machine
  3. After 1-2 minutes stop logging
  4. Collect logs with ESET Log Collector and upload the generated archive here.
Link to comment
Share on other sites

  • Administrators

You can use the default template which does not collect a registry dump for instance and therefore the size of the generated archive should be smaller. Or you can upload the archive to a file sharing service and drop me a private message with a download link.

Link to comment
Share on other sites

  • Administrators

ESET PROTECT server is installed on the local machine, ie. on Windows 11.

According to https://forum.eset.com/topic/36080-help-required-to-make-a-policy-to-allow-eset-agents-report-to-the-eset-protect/, while this OS is supported: "Installing ESET PROTECT components on a desktop OS might not be in alignment with Microsoft licensing policy. Check the Microsoft licensing policy or consult your software supplier for details. In SMB / small network environments, we encourage you to consider a Linux ESET PROTECT installation or virtual appliance where applicable."

Also duplicate IP addresses 192.168.1.174 [9c:14:63:fe:c0:77] and 192.168.1.174 [cc:98:8b:c8:05:05] and 192.168.1.252 [f0:6c:5d:ac:2a:e8] and 192.168.1.252 [44:d9:e7:d4:6e:79] as well as ARP cache poisoning were detected. Please fix this first. Also try to deploy a virtual appliance or install ESET PROTECT on a server OS.

Creating a rule for inbound communication on port 2222 would likely resolve the issue:

image.png

Link to comment
Share on other sites

  • Marcos changed the title to Help required to make a policy to allow eset agents report to the eset protect

thanks for your prompt reply. thanks for pointing out the duplicate PC & ARp cache poisoning issues, will work on that.


i wasn't aware that installing eset protect on windows 10 or 11 is not in line with microsoft policy. since this is a smaller network with just 30 endpoints, went ahead with windows, but will consider switching the OS.

1. however, please specify if agents not reporting to eset server problem is due to the wrong OS for eset protect installation.

2. if not, then why do i have to create a policy to allow the eset traffic, which should have been allowed by default ?

3. have created the policy to allow eset agent connections & agents are working now, but still cannot access the web console from other client PCs in network, until i disable firewall on eset protec machine. need help with this specifically.

thanks in advance.

Link to comment
Share on other sites

  • Administrators

You must create the rule because the firewall blocks all non-initiated inbound traffic in automatic mode which is when the managing agent attempts to contact the ESET PROTECT server. On a Linux virtual appliance the traffic is allowed. Also on Windows server operating systems that ESET PROTECT server is intended for besides Linux, ESET Server security that users might have installed there doesn't contain a firewall that would block the inbound communication.

What is allowed by default in ESET's firewall is the communication of the management agent on endpoints:

image.png

Link to comment
Share on other sites

got it. 🙏
but now i need help with allowing web console access from other network PCs. so could you please specifically let me know what policy configuration should i create for eset protect machine firewall to allow network computers to access web console ? tried working on this with various configs, but nothing seems to be working.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...