jdeconto, posted May 24, 2023: Hey! I am having issues making a firewall policy apply to my machine via the Protect Cloud portal. Currently I have the policy applying to a test group that only contains my computer. All of the policies have the lightning bolt symbol selected to make sure that they trigger. I am trying to block all access, local and internet. My rules for the policy are: As well, Zone All Addresses: I must be missing something simple that is preventing the policy from applying.
Marcos (Administrators), posted May 24, 2023: First of all, you have posted in the ESET Products for Windows Servers forum but server products do not contain a firewall and ESET Endpoint Security is not intended for installation on servers. Please clarify.
jdeconto (Author), posted May 24, 2023: Gaaaahhh, sorry I selected the wrong product, it is not my day today. This is for a client side machine not a server. Would you recommend I recreate this post in the correct forum?
Marcos (Administrators), posted May 24, 2023: Did you choose to replace the rules on clients? Did you toggle display of default rules and put the new rule on top? How did you test the rule for svchost.exe application?
jdeconto (Author), posted May 24, 2023: The Replace for clients was selected by default. I did show built in rules and moved mine to the top. The svchost.exe application was added in by another tech as a test. I was originally just trying to block all access, regardless of application.
Marcos (Administrators), posted May 24, 2023: I would remove svchost.exe from the rule and leave the application empty so that the rule is applied to any executable. However, you will need to remove the rule for Windows to work properly.
jdeconto (Author), posted May 24, 2023: Okay, application has been removed. In regards to working correctly, would creating an additional rule allowing access for ports 80 and 443 be enough? I am trying to totally lock the machine out from the local network.
Marcos (Administrators), posted May 24, 2023: Do you want to block completely everything, i.e. achieve the same effect as with disconnecting the network cable from the machine?
jdeconto (Author), posted May 24, 2023: Yes. Eventually I want to be able to granularly allow access but at this time I am focusing on locking the computer completely out of the network.
jdeconto (Author), posted May 30, 2023: Hey Marcos, I know you are most likely pretty busy but would you have any other suggestions to get this policy up and running?
LesRMed, posted May 30, 2023: Would Network Isolation work?
jdeconto (Author), posted May 30, 2023: I think it would but I want to be able to allow connections granularly, I was just starting with fully blocking the network. I think the policy should be able to handle something like that. Granted I am not the most experienced user on ESET.
jdeconto (Author), posted May 31, 2023: So I have been doing a bit more research on this myself. If I am understanding this correctly, https://help.eset.com/protect_cloud/en-US/admin_pol.html?admin_pol_ordering_groups.html, then as long as none of the groups above my dynamic group have a policy with a Force flag enabled, my policy should take priority, right? Currently I am assigning it directly to my computer. If my understanding is correct, then this should work since my policy is the only one using the Force flag. Yet I am still getting no result when I use my computer. Also Marcos, you asked a bit ago how I was testing for blocking local. I was testing with a ping to a local printer; since I can get a response the firewall was not applying.
jdeconto (Author), posted June 2, 2023: I have been trying a few more things and still cannot get these firewall rules to be implemented. I know the policy is implementing since I tried using Silent mode and that did turn on when I saved the policy. I still cannot get the firewall rules though. I am trying with a new one to make sure it has no possible issues from whatever I was messing around with on the older policy. Currently what I have is: Do I need to fill in the Local and Remote sections?
Marcos (Administrators), posted June 3, 2023: Is the last screenshot taken from an endpoint? I've put a general blocking rule on top via a policy and all communication was indeed blocked. Tested by opening websites in a browser or pinging other machines or the machine itself.
jdeconto (Author), posted June 5, 2023: I am still able to view websites and ping local machines when I try. Sorry I should have clarified, my screenshots are from ESET PROTECT CLOUD. I am trying to apply this policy just to my 1 machine on the network.
Marcos (Administrators), posted June 5, 2023: I would check merged rules locally on an endpoint to make sure that the general blocking rule is on top of the pre-set rules.
jdeconto (Author), posted June 5, 2023: I looked on my endpoint antivirus, it does not have any of the policies set from our cloud portal:
Marcos (Administrators, Solution), posted June 5, 2023: According to the screenshots above you edited the firewall rules, but the last screenshot shows that you installed ESET Endpoint Antivirus, which doesn't contain a firewall. You must install ESET Endpoint Security instead, if your license entitles you to, if you want to take advantage of the ESET firewall.
jdeconto (Author), posted June 6, 2023: Yeah, looks like I used a bad installer and didn't have security on my device. Thanks for the assistance Marcos!
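The check that resolved this thread, as an added example that is not part of any post above: confirm on the endpoint which ESET product is installed before debugging the policy, then repeat the ping and browser tests used in the thread. It assumes the product's DisplayName in the Windows uninstall registry contains the product names used above; the two target addresses are placeholders.

```powershell
# Added example (not from the thread). Assumption: the ESET product's
# DisplayName in the Windows uninstall registry contains the product name
# used in the thread ("ESET Endpoint Security" / "ESET Endpoint Antivirus").
param(
    [string]$LocalTarget = '192.0.2.10',   # placeholder: a local device, e.g. the printer
    [string]$WebTarget   = 'example.com'   # placeholder: any external HTTPS site
)

function Get-EsetEndpointProduct {
    # Look in both the native and the 32-bit uninstall hives.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'ESET Endpoint*' } |
        Select-Object -Property DisplayName, DisplayVersion
}

$products = @(Get-EsetEndpointProduct)
if ($products.Count -eq 0) {
    Write-Warning 'No ESET Endpoint product found in the uninstall registry.'
    return
}
$products | Format-Table -AutoSize

# Per the accepted answer, only Endpoint Security contains the firewall.
$hasFirewall = [bool]($products | Where-Object { $_.DisplayName -like '*Endpoint Security*' })
if (-not $hasFirewall) {
    Write-Warning 'ESET Endpoint Security is not installed: the firewall rules in the policy have nothing to apply to.'
    return
}

# With a general blocking rule on top, both probes should fail.
$ping = Test-Connection -ComputerName $LocalTarget -Count 2 -Quiet
$web  = Test-NetConnection -ComputerName $WebTarget -Port 443 `
            -InformationLevel Quiet -WarningAction SilentlyContinue

[pscustomobject]@{
    PingLocalReachable = $ping
    Https443Reachable  = $web
    BlockAllEffective  = -not ($ping -or $web)
}
```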