bvj 1 Posted February 16, 2015 Share Posted February 16, 2015 Working remotely, I managed to click Block all network traffic instead of Pause firewall, on a workstation's Endpoint Security 6.x task menu. I didn't intend to lock myself out of the workstation. The target workstation is registered with ERA 6.x. I tried a variety of policies to permit remote access to the workstation, but no luck. Any ideas to reverse/undo the Block that can be facilitated by ERA and the workstation's installed agent? Link to comment Share on other sites More sharing options...
bvj 1 Posted February 16, 2015 Author Share Posted February 16, 2015 I managed to get a body in front of the workstation to release the Block. From what I could tell, not even the agent could communicate to ERA. ESET, I recommend providing the user the chance to specify a duration for the Block with the default value set to 15 min. Other duration values could be 1 hour, 4 hours, and Indefinite. It would also make sense to keep the agent port active unless the user elects otherwise. In theory with the agent port open, I could have applied a corrective policy. My click error that activated the Block occurred over a slow VNC connection where visualization of mouse movement lagged actual activity. I never expected the immediate shutout. Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted February 16, 2015 Share Posted February 16, 2015 I love the Cisco configuration option "reload in xxx", e.g. "reload in 5". You run "reload in 5" and you then have 5 minutes to make and save your changes, before running "reload cancel". That way, if you do anything catastrophic, like cutting yourself off, you only have to wait 5 minutes before the remote unit reloads your previous configuration. A lifesaver, I can tell you! :-) Something similar here would be good. Link to comment Share on other sites More sharing options...
Recommended Posts