Allow outgoing RDP connections in Web Access Protection

[FranceBB 6]

Hi there,

I'm currently using ESET Endpoint Protection 10.3.4.0 on RHEL9 as I recently upgraded from the old version 9.x. This new version features the Web Access Protection and it seems to be working ok-ish, however I have one problem: it's blocking both incoming and outgoing RDP requests.

Now, although it's definitely doing the right thing in blocking INCOMING RDP requests as I don't want anyone trying to access this computer, I really don't want it to block OUTGOING RDP connections as I use the Remmina client most of the times to connect to other Windows machines in our local intranet, so they're legit connections. How can I allow outgoing RDP connections in the Web Access Protection? (please don't say Eset Protect).

[Marcos 5,146]

Please raise a support ticket. Web access protection is not a firewall, it scans only HTTP and HTTPS communication on ports 80 and 443.

[itman 1,710]

26 minutes ago, Marcos said:

it scans only HTTP and HTTPS communication on ports 80 and 443.

Actually, its scans all ports. On the other hand, RDP uses the RDP protocol; not HTTPS.

Edited June 3 by itman

[Marcos 5,146]

Still it's would have to be HTTPS communication on a non-standard port. RDP communication is not scanned by WAP. If there was a general problem with this, many more users would report issues with RDP. As I suggested, the best course of action would be to raise a support ticket to get the configuration and logs investigated by ESET support.

[FranceBB 6]

 

19 hours ago, Marcos said:

Please raise a support ticket. Web access protection is not a firewall, it scans only HTTP and HTTPS communication on ports 80 and 443.

Then something else in eset is blocking it, but that would be weird given that in eset 9.x it was working and the only difference between 9.x and 10.x is the Web Access Protection.

The machine on the other end has RDP enabled on the standard port, so TCP 3389.

sudo systemctl disable eea

makes the connection go through, while as soon as I

sudo systemctl enable eea

the connection fails and goes into timeout.

Screenshot in attachment.

I'll open a ticket, though, just to be sure.

 

Edited June 4 by FranceBB

[itman 1,710]

Another thing you can do which will resolve if the issue is Web Access Protection is to exclude the .exe associated with Remmina client from it per below screen shot;

[FranceBB 6]

Well, in the end I had to disable Web Access Protection as it was blocking far too many things aside from RDP, like OpenVPN when running on TCP instead of UDP and other things.

For those who don't have ESET Protect, here's what you can do:

1) Export the default settings (you're gonna get an XML)

sudo /opt/eset/eea/lib/cfg --export-xml /home/FranceBB/Downloads/eset.xml

2) Open it with a text editor and look for the following line

<NODE NAME="WebProtectionEnabled" TYPE="number" VALUE="1" />

3) Change the value to 0

<NODE NAME="WebProtectionEnabled" TYPE="number" VALUE="0" />

4) Import the newly crafted XML

sudo /opt/eset/eea/lib/cfg --import-xml /home/FranceBB/Downloads/eset.xml

 

The Web Access Protection is now disabled and everything is gonna work again: PPTP, L2TP, OpenVPN when running TCP, RDP and so on and so forth. This way you can use Endpoint Protection 10.x as if it was 9.x

Edited June 7 by FranceBB