Jump to content

video about how to deal with the actual programs trying to get through the firewall? 


Go to solution Solved by Marcos,

Recommended Posts

Hi ESET Team, 
 
Can you check the below question of one our client:
 
Quote

 

 
"Do you have a video about how to deal with the actual programs trying to get through the firewall?  When I click Network – Resolve blocked communication and need to unblock certain programs, do you have any education around this and what should be allowed and what should not? A lot of these are Windows requests so I am never sure if they should be unblocked or not.  For example… they have the 5 Star rating from eset… so does that mean they are safe?  Internal ip’s not so worrying but external or unusual ip’s are.  Thankyou."

 

 
Can you help us what would be the best recommendation , they are using ESET Business product 
 
Cheers, 
Gil
Link to comment
Share on other sites

  • Administrators

There is no such video. By default all outbound communication is allowed in automatic mode so there should be no need to allow specific communication unless the user uses a server application and computers outside the trusted zone connect to the machine. What issue is the user having? They could simply allow the most recent communication if the communication was desired but was blocked by the firewall.

Link to comment
Share on other sites

Hi ESET Team, 

 

Thank you for your response, see the below question from our client :

 

 

As per attached, I would like to know more information on what programs should be allowed through and which should not.  Do you have any documentation or recommendations on how to deal with these?
 
The example attached has internal ip’s, which I am comfortable with, however what about the external ip’s and the ip’s written as letters and numbers… are they safe because there is a 5 star rating for example?
 
I guess more importantly, what should I definitely not allow through… any advice in this area would be very helpful.  Thanks.
 
Link to comment
Share on other sites

  • Administrators
  • Solution

According to the screenshot, it was mainly inbound communication on local ports 80 and 443 which was blocked. Is a web server running on the machine? If so, since inbound communication from outside the trusted zone is blocked by default, create a firewall rule that will allow inbound communication on TCP ports 80 and 443 for any remote machine (not sure if clicking Unblock would create a rule for any remote IP address in this case).

However, there is also a communication on ports 80 and 443 which was blocked due to the remote machine's IP address being on a blacklist. The IP address appears to be a known source of attacks so I assume the user would not want to allow inbound communication from it (e.g. https://www.abuseipdb.com/check/185.191.127.212).

Link to comment
Share on other sites

Thank you Marcos, i will send the above information to our client :)

 

Thanks for help :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...