Guest Cornel Posted September 4, 2013 Posted September 4, 2013 Hey guys I just deployed Eset endpoint security in my network, and since Spiceworks cannot connect to the terminals anymore. I created a general rule to allow connections from my server, that is running spiceworks on, to port 135 (this is the port spiceworks connects to) but when the server tries to connect and scan client it get blocked by firewall with "detected port scanning attack" Firewall on clients is set to "Automatic with user created rules". Can anyone help?
Arakasi 549 Posted September 4, 2013 Posted September 4, 2013 (edited) Are you sure its a direct connection from the Server ? I would also be interested in knowning what protocols. Have a look at this article Cornel ! hxxp://community.spiceworks.com/help/Is_My_Firewall_Software_Getting_In_The_Way%3F Nice to meet you sir, and let me know if you need some assistance configuring firewall, AFTER you have read above article ! Looks like you need all these exclusions set on host, or on your server : C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe C:\Program Files\Spiceworks\bin\nmap.exe C:\Program Files\Spiceworks\bin\spiceworks.exe C:\Program Files\Spiceworks\bin\spicetray.exe C:\Program Files\Spiceworks\bin\spiceworks-finder.exe C:\Program Files\Spiceworks\pkg\gems\spiceworks_common-x.x.xxxxx\nbtscan\nbtscan.exe and fill spiceworks directory. Good information in that article i posted !! Edited September 4, 2013 by Arakasi
ESET Moderators Peter Randziak 1,186 Posted September 4, 2013 ESET Moderators Posted September 4, 2013 Hello Cornel, in case you are getting detected port scanning attack you need to exclude IP address(es), from which you are getting the attack from IDS as far as these rules are evaluated even before the firewall rules.
Recommended Posts