Jump to content

ESET firewall rules apparently blocking file sharing


Recommended Posts

I've got a server running Windows Server 2012 R2, using ESET 5.X on the server and about 20 workstations, using ERA to push install.

 

I migrated to Server 2012 from a 32-bit 2003 R2 server, using a second machine as an intermediary. 

 

Following the migration, and after installing the ESET stuff, I discovered that no user machines could connect to the server unless I disabled the server's Windows Firewall for the domain. Looking at the firewall rules, I saw a bunch of rules, as you can see in the attachment, which appear to be ESET rules, and which I suspect are the source of my problem. (Actually, you won't see it in the attachment, since I get a 403 when I try to attach files, but you can view it at https://www.dropbox.com/s/g745o02qrhfvaj5/Screen%20Shot%202016-03-22%20at%2012.59.27.png?dl=0) 

 

Each of the rules are for the domain, are enabled, and action=Block. The rule names are:

137-138:UDP:Enabled:ESET

139:TCP:Enabled:ESET

2221-2225:TCP:Enabled:ESET

2846:TCP:Enabled:ESET

445:TCP:Enabled:ESET

 

My first question is: how do I get rid of these rules? If I try to disable or delete them, I get a message which I should have written down which made me think that they were set in Group Policy, but I didn't see them there, though I didn't do an exhaustive search. 

 

My second question is: What do I have to do to get ESET to answer a question like this? I put in a support ticket on this 4 times, and each time the ticket was immediately closed without any communication to me. 

Link to post
Share on other sites

We're running ESET Endpoint Antivirus 5 on all machines, including the server. After I noticed the ESET firewall rules, I uninstalled Endpoint Antivirus, but the rules remained, so I re-installed Endpoint Antivirus.

 

Do these rules look like they come from another ESET product?

Link to post
Share on other sites
  • ESET Staff

Hi @angkor,

 

ESET Endpoint Security contains firewall, ESET Endpoint Antivirus not!

 

By the way, is better have a ESET product for Server installed instead a product for terminals.

If is a server for files, I should install ESET File Security for Windows Server.

 

My first question is: how do I get rid of these rules? If I try to disable or delete them, I get a message which I should have written down which made me think that they were set in Group Policy, but I didn't see them there, though I didn't do an exhaustive search. 

 

All the ports you mention on those rules are used be ESET Remote Administrator to work properly.

 

  • Do you try to reset your Windows Server firewall, reboot and check?
     
  • Do you previously have ESET Endpoint Security installed there?
     
  • Do you try a uninstall (saving ERA database if you need it) reboot and install again?

 

My second question is: What do I have to do to get ESET to answer a question like this? I put in a support ticket on this 4 times, and each time the ticket was immediately closed without any communication to me.

 

I'm not answering on ESET behalf but, my curiosity triggers me...

 

Where exactly you open your ticket and targeting who?

(ESET Internation, your ESET country distributor, an ESET Partner in your country).

Link to post
Share on other sites

Sorry for the delay, but it's Khmer New Year here, and things are a little discombobulated as a result.

 

I know that Endpoint Antivirus doesn't have a firewall, and yet, there those rules are.

 

The rules survive a reset and reboot. 

 

I don't think anyone tried to install Endpoint Security — I don't think the installer will even run on Server 2012 R2, will it?

 

Yes, I uninstalled ESET and rebooted — the rules survived that.

 

As I said, I think they were set somewhere in Group Policy — I just need to know where in Group Policy they are set.

 

I asked my questions at ESET International.

 

At this point, I'm not as interested in doing a forensic analysis of how these rules got installed, but am much more focused on getting rid of them. So I have these questions:

  1.  Are these rules in fact from an ESET product? Could someone who has Endpoint Security look at their firewall rules and see if these rules are there on their firewall?
  2. Where are these rules set, and how do I delete them?
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...