Jump to content
Network communication blocked after upgrade to macOS 15 (Sequoia) ×

video about how to deal with the actual programs trying to get through the firewall? 

Microbe

By Microbe
in General Discussion

 Share
Go to solution Solved by Marcos,

Recommended Posts

Microbe

Microbe 6

Posted
Posted
Hi ESET Team, 
 
Can you check the below question of one our client:
 
Quote

 

 
"Do you have a video about how to deal with the actual programs trying to get through the firewall?  When I click Network – Resolve blocked communication and need to unblock certain programs, do you have any education around this and what should be allowed and what should not? A lot of these are Windows requests so I am never sure if they should be unblocked or not.  For example… they have the 5 Star rating from eset… so does that mean they are safe?  Internal ip’s not so worrying but external or unusual ip’s are.  Thankyou."

 

 
Can you help us what would be the best recommendation , they are using ESET Business product 
 
Cheers, 
Gil
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,267

Posted
  • Administrators
Posted

There is no such video. By default all outbound communication is allowed in automatic mode so there should be no need to allow specific communication unless the user uses a server application and computers outside the trusted zone connect to the machine. What issue is the user having? They could simply allow the most recent communication if the communication was desired but was blocked by the firewall.

Link to comment
Share on other sites
Microbe

Microbe 6

Posted
  • Author
Posted

Hi ESET Team, 

 

Thank you for your response, see the below question from our client :

 

 

As per attached, I would like to know more information on what programs should be allowed through and which should not.  Do you have any documentation or recommendations on how to deal with these?
 
The example attached has internal ip’s, which I am comfortable with, however what about the external ip’s and the ip’s written as letters and numbers… are they safe because there is a 5 star rating for example?
 
I guess more importantly, what should I definitely not allow through… any advice in this area would be very helpful.  Thanks.
 
Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 5,267

Posted
  • Administrators
  • Solution
Posted

According to the screenshot, it was mainly inbound communication on local ports 80 and 443 which was blocked. Is a web server running on the machine? If so, since inbound communication from outside the trusted zone is blocked by default, create a firewall rule that will allow inbound communication on TCP ports 80 and 443 for any remote machine (not sure if clicking Unblock would create a rule for any remote IP address in this case).

However, there is also a communication on ports 80 and 443 which was blocked due to the remote machine's IP address being on a blacklist. The IP address appears to be a known source of attacks so I assume the user would not want to allow inbound communication from it (e.g. https://www.abuseipdb.com/check/185.191.127.212).

Link to comment
Share on other sites
Microbe

Microbe 6

Posted
  • Author
Posted

Thank you Marcos, i will send the above information to our client :)

 

Thanks for help :)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...