Moniker, posted March 25, 2015:

I upgraded our ESET Remote Administrator from 5.something to the new 6. I was able to query my users' GPO Policy Results, but now I am unable to do so. I have all of my clients on Endpoint Security 6.1.2109.0. How do I add the specific ports needed for WMI services? I get the following error when trying to complete the Results Wizard: "The RPC server is unavailable". When I turn off ESET I am allowed connection. How do I add exceptions to my users' firewall? I am also having an issue with Spiceworks no longer reporting on some users' computers. Sorry ESET, but I'm not liking the new ERA6, it seems like a step backward...
Marcos (Administrators), posted March 25, 2015:

This looks like an issue with the ESET Endpoint Security firewall blocking certain communication rather than an issue caused by ERA6 itself. Do you have the firewall set to work in automatic mode (default)? Have you tried switching it to learning mode for a while until all necessary rules are created automatically?
Moniker (Author), posted March 25, 2015:

Yes, they are all set to Automatic. I'd have 50+ users looking for blood if I roll out a change to constantly do any interaction mode. Is learning mode similar to Automatic with Exceptions? Plus I do not know in the new ERA6 how to roll out profile changes; any client profiles I change appear to be locked. I am still learning the new ERA 6.

So I did some experimenting and set up my personal profile to learning. With the new ERA 6, how do I use the policies to roll out this change to all my users? I want to change their profiles to be learning rather than Automatic. How do I do that? Also, will non-administrators be affected? Most if not all of my users are not admins on their machines and I have run into issues where they need admin rights to make changes to ESET. I was not affected by this in ERA5 as everyone was set to Automatic, with exceptions.

Thanks
Marc-Olivier, posted February 18, 2016:

Hi, I have the same problem, I'm not able to run my GPO result. If I turn the firewall off everything is fine, but even in learning mode, GPO results are not working.
Marcos (Administrators), posted February 18, 2016:

With ESET Endpoint Security v6, you can run a firewall troubleshooting wizard (Setup -> Network -> Troubleshooting wizard) which will display a list of recently blocked communications and enable you to allow it with a few clicks.
cpetry, posted May 2, 2016:

I'm having this exact issue with ESET Endpoint Security 6.3.2016.0. I even tried disabling the ESET firewall and it still blocks the Group Policy Results Wizard. It allows all other RPC requests - \\computername\C$ can be browsed, I can ping, I can RDP, I can access the remote registry. These systems are in my trusted zone as a known home/work network.

I know it's ESET - I've been able to run the Group Policy Results Wizard on a workstation, then I push ESET, then I can't run the GPRW anymore. I've opened a ticket with ESET support.
cpetry, posted May 2, 2016 (edited May 2, 2016):

They were able to reproduce this issue - case #1431416. Right now the workaround is to create rules but that kind of sucks. If I poke holes in the firewall with rules won't those holes be on any network, trusted/home/work or public? I was hoping automatic mode with a known network / trusted zone config would allow everything.

Also, that troubleshooting wizard for the firewall was not showing this as being blocked. That was the first thing I tried...
cpetry, posted May 5, 2016:

Sorry for the multiple responses after my own.. I just want to document this for others. So the good news is the rules let you select if they are for the trusted zone only. They gave me three rules to use for WMI / svchost so RSOP would work. I'll edit this post tomorrow and share them so others can use them until they make an update to include them as default for the trusted zone.

I know I can put my endpoints in learning mode and generate rules but I prefer not to do that. I have no idea what should be allowed on an endpoint's installation. If they are infected and it's communicating, I don't need rules generated for a trojan horse. So yeah.. I'd rather create them manually with absolute certainty.
dennyx, posted June 12, 2017:

On 5/5/2016 at 7:09 AM, cpetry said:
> Sorry for the multiple responses after my own.. I just want to document this for others. So the good news is the rules let you select if they are for the trusted zone only. They gave me three rules to use for WMI / svchost so RSOP would work. I'll edit this post tomorrow and share them so others can use them until they make an update to include them as default for the trusted zone.
> I know I can put my endpoints in learning mode and generate rules but I prefer not to do that. I have no idea what should be allowed on an endpoint's installation. If they are infected and it's communicating, I don't need rules generated for a trojan horse. So yeah.. I'd rather create them manually with absolute certainty.

Hi,

Please, could anyone help me to solve this issue? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-)

Thank you.
V2TW, posted June 13, 2017:

15 hours ago, dennyx said:
> Hi, Please, could anyone help me to solve this issue? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-) Thank you.

Does it work if you either add your subnet to the trusted zone or set the network type to Work/Office? The original post was over 2 years ago, I think they already added the required default trusted zone rules in newer versions.
Miami, posted June 13, 2017:

19 hours ago, dennyx said:
> Hi, Please, could anyone help me to solve this issue? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-) Thank you.

Create a new firewall rule with the following settings:
- local ports: 53, 88, 123, 137, 138, 139, 389, 443, 445, 464, 636, 3268, 3269, 49153 - 65535
- remote IP: all your AD servers ... if you have more of them
dennyx, posted June 13, 2017:

Hi,

@V2TW I have computers in the trusted zone and the type is also Work/Office. It is quite strange behavior, because I run Group Policy Update via GPM and on some computers Endpoint denied connections and others are fine - for example like the screenshot in the attachment. When I turn my firewall off, Group Policy Update works fine.

@Miami Thank you very much, I will try your advice. :-)
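
Added example, not part of any post in this thread and not ESET's own tooling: a staged PowerShell check, run from the admin workstation, that shows which layer a client's firewall is dropping when Group Policy Results fails on some machines and not others. It relies on standard Windows behavior rather than anything stated in the thread: admin shares and remote registry travel over SMB (TCP 445), while the WMI/RSoP query uses DCOM, which first contacts the RPC endpoint mapper on TCP 135 and then a dynamic high port. `$Target` is a placeholder computer name, and the last stage assumes the GroupPolicy module from RSAT is installed.

```powershell
# Added example: staged reachability check for the Group Policy Results path.
# $Target is a placeholder (assumption); run from the admin workstation.
param(
    [Parameter(Mandatory)] [string] $Target
)

$results = [ordered]@{}

# Stage 1: SMB. \\computer\C$ and remote registry use this, so it can
# succeed even when the Group Policy Results wizard fails.
$results['TCP 445 (SMB)'] =
    (Test-NetConnection -ComputerName $Target -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded

# Stage 2: RPC endpoint mapper. DCOM asks it which dynamic port WMI listens on.
$results['TCP 135 (RPC endpoint mapper)'] =
    (Test-NetConnection -ComputerName $Target -Port 135 -WarningAction SilentlyContinue).TcpTestSucceeded

# Stage 3: an actual WMI call over DCOM. This needs 135 plus a dynamic high
# port on the client; "The RPC server is unavailable" typically surfaces here.
$session = $null
try {
    $dcom    = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Target -SessionOption $dcom -ErrorAction Stop
    $null    = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
    $results['WMI over DCOM'] = $true
} catch {
    $results['WMI over DCOM'] = "FAILED: $($_.Exception.Message)"
} finally {
    if ($session) { Remove-CimSession -CimSession $session }
}

# Stage 4: the same RSoP query the wizard performs, if RSAT is present.
if (Get-Command Get-GPResultantSetOfPolicy -ErrorAction SilentlyContinue) {
    $report = Join-Path $env:TEMP "rsop-$Target.html"
    try {
        Get-GPResultantSetOfPolicy -Computer $Target -ReportType Html -Path $report -ErrorAction Stop | Out-Null
        $results['RSoP report'] = $report
    } catch {
        $results['RSoP report'] = "FAILED: $($_.Exception.Message)"
    }
} else {
    $results['RSoP report'] = 'skipped (GroupPolicy module not installed)'
}

$results.GetEnumerator() | Format-Table -Property Name, Value -AutoSize
```

A client where stage 1 passes and stage 2 or 3 fails matches the symptom cpetry describes, and points at a trusted-zone rule for the RPC/WMI ports rather than a general connectivity problem.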