Jump to content

Allow Windows Server 2012 GPO Policy Results on ESET RA6


Recommended Posts

I upgraded our ESET Remote Adminitrator from 5. something to the new 6. I was able to query my users GPO Policy Results, but now I am unable to do so. I have all of my clients on Endpoint Security 6.1.2109.0.

 

How do I add the specific ports needed for WMI services. I get the following error when trying to complete the Results Wizard. "THE RPC server is unavailable", When I turn off ESET I am allowed connection.

 

How do I add exceptions to my users Firewall, I am also having an issue with Spiceworks no longer reporting on some users computers.

 

Sorry ESET, but Im not liking the new ERA6, it seems like a step backward... :(

post-6497-0-29619900-1427244924_thumb.png

Link to post
Share on other sites
  • Administrators

This looks rather than an issue with ESET Endpoint Security firewall blocking certain communication than an issue caused by ERA6 itself. Do you have the firewall set to work in automatic mode (default)? Have you tried switching it to learning mode for a while until all necessary rules are created automatically?

Link to post
Share on other sites

Yes they are all set to Automatic. Id have 50+ users looking for blood if I roll out a change to constantly do any interaction mode. Is learning mode similar to Automatic with Exceptions?  Plus I do not know in the new ERA6 how to roll out profile changes, any client profiles I change out appear to be locked, I am still learning the new ERA 6.

 

So I did some experimenting and setup my personal profile to learning. With the new ERA 6 how do i use the policies to roll out this change to all my users. I want to change their profiles to be learning rather than Automatic. How do I do that? Also will non administrators be affected. Most if not all my users are not admins on their machine and I have run into issues where they need admin rights to make changes to ESET. I was not affected by this in ERA5 as everyone was set to Automatic, with exceptions.

 

Thanks

Link to post
Share on other sites
  • 10 months later...
  • Administrators

With ESET Endpoint Security v6, you can run a firewall troubleshooting wizard (Setup -> Network -> Troubleshooting wizard) which will display a list of recently blocked communications and enable you to allow it with a few clicks.

Link to post
Share on other sites
  • 2 months later...

I'm having this exact issue with ESET Endpoint Security 6.3.2016.0.  I even tried disabling the ESET firewall and it still blocks the Group Policy Results Wizard.  It allows all other RPC requests - \\computername\C$ can be browsed, I can ping, I can RDP, I can access the remote registry.  These systems are in my trusted zone as a known home/work network.

 

I know it's ESET - I've been able to run the Group Policy Results Wizard on a workstation, then I push ESET, then I can't run the GPRW anymore.  

 

I've opened a ticket with ESET support.

Link to post
Share on other sites
They were able to reproduce this issue - case #1431416.

 

Right now the workaround is to create rules but that kind of sucks.  If I poke holes in the firewall with rules won't those holes be on any network, trusted/home/work or public?  I was hoping automatic mode with a known network / trusted zone config would allow everything.  

 

Also, that troubleshooting wizard for the firewall was not showing this as being blocked.  That was the first thing I tried...

Edited by cpetry
Link to post
Share on other sites

Sorry for the multiple responses after my own.. I just want to document this for others.

 

So the good news is the rules let you select if they are for the trusted zone only.  :)  They gave me three rules to use for WMI / svchost so RSOP would work.  I'll edit this post tomorrow and share them so others can use them until they make an update to include them as default for the trusted zone.

 

I know I can put my endpoints in learning mode and generate rules but I prefer not to do that.  I have no idea what should be allowed on a endpoints installation.  If they are infected and it's communicating, I don't need rules generated for a trojan horse.  So yeah..  I'd rather create them manually with absolute certainty. 

Link to post
Share on other sites
  • 1 year later...
On 5/5/2016 at 7:09 AM, cpetry said:

Sorry for the multiple responses after my own.. I just want to document this for others.

 

So the good news is the rules let you select if they are for the trusted zone only.  :)  They gave me three rules to use for WMI / svchost so RSOP would work.  I'll edit this post tomorrow and share them so others can use them until they make an update to include them as default for the trusted zone.

 

I know I can put my endpoints in learning mode and generate rules but I prefer not to do that.  I have no idea what should be allowed on a endpoints installation.  If they are infected and it's communicating, I don't need rules generated for a trojan horse.  So yeah..  I'd rather create them manually with absolute certainty. 

Hi,

Please, could anyone help me with this issue to solve it? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-) 

Thank you.

Link to post
Share on other sites
15 hours ago, dennyx said:

Hi,

Please, could anyone help me with this issue to solve it? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-) 

Thank you.

Does it work if you either add your subnet to trusted zone or set netowork type to Work/Office? The original post was over 2 years ago, I think they already added the required default trusted zone rules in newer versions.

Link to post
Share on other sites
19 hours ago, dennyx said:

Hi,

Please, could anyone help me with this issue to solve it? I don't want to set my endpoints in learning mode and rules would help me as much as you can imagine. :-) 

Thank you.

Create new firewall rule with following settings:

- local ports: 53, 88, 123, 137, 138, 139, 389, 443, 445, 464, 636, 3268, 3269, 49153 - 65535

- remote IP: all your AD servers ... if you have more of them

Link to post
Share on other sites

Hi,

 

@V2TW

I have computers in trusted zone and also type is Work/Office. It is quite strange behavior, because i run Group Policy Update via GPM and at some computers endpoint denied connections and others are fine - for example like screenshot in attachment.

When I turn my firewall off, Group Policy Update works fine. 

@Miami 

Thank you very much, I will try your advice. :-)

endpoint.png

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...