Jump to content

Issue with Policy not applying to computer


Go to solution Solved by Marcos,

Recommended Posts

Hey!

I am having issues making a firewall policy apply to my machine via the Protect Cloud portal.

Currently I have the policy applying to a test group that only contains my computer. All of the policies have the lightning bolt symbol selected to make sure that they trigger. I am trying to block all access, local and internet. 

My rules for the policy are:

image.png

image.png

image.png

As well, Zone All Addresses:

image.png

I must be missing something simple that is preventing the policy from applying. 

 

 

Link to comment
Share on other sites

  • Administrators

First of all, you have posted in the ESET Products for Windows Servers forum but server products do not contain a firewall and ESET Endpoint Security is not intended for installation on servers. Please clarify.

Link to comment
Share on other sites

Gaaaahhh, sorry I selected the wrong product, it is not my day today. This is for a client side machine not a server. Would you recommend I recreate this post in the correct forum? 

Link to comment
Share on other sites

  • Administrators

Did you choose to replace the rules on clients?

image.png

Did you toggle display of default rules and put the new rule on top?

image.png

How did you test the rule for svchost.exe application?

Link to comment
Share on other sites

The Replace for clients was selected by default. I did show built in rules and moved mine to the top. The svchost.exe application was added in by another tech as a test. I was originally just trying to block all access, regardless of application.

Link to comment
Share on other sites

  • Administrators

I would remove svchost.exe from the rule and leave the application empty so that the rule is applied to any executable. However, you will need to remove the rule for Windows to work properly.

Link to comment
Share on other sites

Okay, application has been removed.

In regards to working correctly, would creating an additional rule allowing access for ports 80 and 443 be enough? I am trying to totally lock the machine out from the local network. 

Link to comment
Share on other sites

  • Administrators

Do you want to block completely everything, ie achieve the same effect as with disconnecting the network cable from the machine?

Link to comment
Share on other sites

Yes. Eventually I want to be able to granularly allow access but at this time I am focusing on locking the computer completely out of the network.

Link to comment
Share on other sites

Hey Marcos, I know you are most likely pretty busy but would you have any other suggestions to get this policy up and running?

Link to comment
Share on other sites

I think it would but I want to be able to allow connections granularly, I was just starting with fully blocking the network. I think the policy should be able to handle something like that. Granted I am not the most experienced user on ESET.

Link to comment
Share on other sites

So I have been doing a bit more research on this myself, if I am understanding this correctly, https://help.eset.com/protect_cloud/en-US/admin_pol.html?admin_pol_ordering_groups.html, then as long as none of the groups above my dynamic group have a policy with a Force flag enabled, my policy should take priority right? Currently I am assigning it directly to my computer, if my understanding is correct, then this should work since my policy is the only one using the Force flag,

image.png

Yet I am still getting no result when I use my computer. Also Marcos, you asked a bit ago how I was testing for blocking local, I was testing with a ping to a local printer, since I can get a response the firewall was not applying. 

Link to comment
Share on other sites

I have been trying a few more things and still cannot get these firewall rules to be implemented. I know the policy is implementing since I tried using Silent mode and that did turn on when I saved the policy.

I still cannot get the firewall rules though. I am trying with a new one to make sure it has no possible issues from what ever I was messing around with on the older policy.

Currently what I have is:

image.png

image.png

image.png

 

Do I need to fill in the Local and Remote sections? 

Link to comment
Share on other sites

  • Administrators

Is the last screenshot taken from an endpoint? I've put a general blocking rule on top via a policy and all communication was indeed blocked. Tested by opening websites in a browser or pinging other machines or the machine itself.

image.png

Link to comment
Share on other sites

I am still able to view websites and ping local machines when I try. Sorry I should have clarified, my screenshots are from ESET PROTECT CLOUD. I am trying to apply this policy just to my 1 machine on the network.

Link to comment
Share on other sites

  • Administrators

I would check merged rules locally on an endpoint to make sure that the general blocking rules is on top of the pre-set rules.

Link to comment
Share on other sites

  • Administrators
  • Solution

According to the screenshots above you edited the firewall rules but the last screenshot shows that you installed ESET Endpoint Antivirus which doesn't contain a firewall. You must install ESET Endpoint Security instead if your license entitles you to if you want to take advantage of the ESET firewall.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...