Microbe 7 Posted June 20

Hi ESET Team,

Can you check the below question from one of our clients:

Quote: "Do you have a video about how to deal with the actual programs trying to get through the firewall? When I click Network – Resolve blocked communication and need to unblock certain programs, do you have any education around this and what should be allowed and what should not? A lot of these are Windows requests so I am never sure if they should be unblocked or not. For example… they have the 5 Star rating from ESET… so does that mean they are safe? Internal IPs not so worrying but external or unusual IPs are. Thank you."

Can you help us with what would be the best recommendation? They are using an ESET Business product.

Cheers,
Gil

Marcos 5,451 Administrators Posted June 20

There is no such video. By default all outbound communication is allowed in automatic mode so there should be no need to allow specific communication unless the user uses a server application and computers outside the trusted zone connect to the machine.

What issue is the user having? They could simply allow the most recent communication if the communication was desired but was blocked by the firewall.

Microbe 7 Author Posted June 20

Hi ESET Team,

Thank you for your response. See the below question from our client:

As per attached, I would like to know more information on what programs should be allowed through and which should not. Do you have any documentation or recommendations on how to deal with these? The example attached has internal IPs, which I am comfortable with, however what about the external IPs and the IPs written as letters and numbers… are they safe because there is a 5 star rating for example? I guess more importantly, what should I definitely not allow through… any advice in this area would be very helpful. Thanks.

Marcos 5,451 Administrators Solution Posted June 21

According to the screenshot, it was mainly inbound communication on local ports 80 and 443 which was blocked. Is a web server running on the machine? If so, since inbound communication from outside the trusted zone is blocked by default, create a firewall rule that will allow inbound communication on TCP ports 80 and 443 for any remote machine (not sure if clicking Unblock would create a rule for any remote IP address in this case).

However, there is also communication on ports 80 and 443 which was blocked due to the remote machine's IP address being on a blacklist. The IP address appears to be a known source of attacks so I assume the user would not want to allow inbound communication from it (e.g. https://www.abuseipdb.com/check/185.191.127.212).
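
The triage logic from the answer above, as an added example (not part of the thread and not ESET's code): blacklisted remote addresses stay blocked, and inbound traffic from outside the trusted zone is allowed only on TCP ports the host intentionally serves. The trusted-zone ranges, the record fields and the sample events are assumptions constructed for illustration; only the blacklisted address comes from the thread.

```python
import ipaddress

# Assumed trusted zone (hypothetical internal ranges; adjust to the real network).
TRUSTED_ZONE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Address the thread reports as blacklisted; a real list would come from a reputation feed.
BLOCKLIST = {ipaddress.ip_address("185.191.127.212")}
# TCP ports this host intentionally serves (web server on 80/443, as in the thread).
SERVED_TCP_PORTS = {80, 443}


def triage(event):
    """Return (decision, reason) for one blocked-communication record."""
    remote = ipaddress.ip_address(event["remote_ip"])
    # Reputation is checked first so a served port never overrides a blacklist hit.
    if remote in BLOCKLIST:
        return "keep blocked", "remote address is on a blacklist"
    if event["direction"] == "out":
        # Outbound is allowed by default in automatic mode, so a block here is unusual.
        return "review", "outbound block is unexpected; find the rule that caused it"
    if any(remote in net for net in TRUSTED_ZONE):
        return "allow", "inbound from the trusted zone"
    if event["proto"] == "tcp" and event["local_port"] in SERVED_TCP_PORTS:
        return "allow", "inbound to a service this host intentionally exposes"
    return "keep blocked", "inbound from outside the trusted zone to an unserved port"


# Constructed sample records; they are not taken from the screenshot in the thread.
SAMPLE_EVENTS = [
    {"direction": "in", "proto": "tcp", "local_port": 443, "remote_ip": "203.0.113.10"},
    {"direction": "in", "proto": "tcp", "local_port": 80, "remote_ip": "185.191.127.212"},
    {"direction": "in", "proto": "tcp", "local_port": 3389, "remote_ip": "198.51.100.7"},
    {"direction": "in", "proto": "tcp", "local_port": 445, "remote_ip": "192.168.1.20"},
    {"direction": "out", "proto": "tcp", "local_port": 50122, "remote_ip": "198.51.100.9"},
]


def triage_all(events):
    """Return the decision for each record, in order."""
    return [triage(e)[0] for e in events]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        decision, reason = triage(ev)
        print(f'{ev["remote_ip"]:>16} port {ev["local_port"]:<5} {decision}: {reason}')
```
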

Microbe 7 Author Posted June 24

Thank you Marcos, I will send the above information to our client.

Thanks for the help.