Endpoint Protection

G'day, we use SEP12.1 with the FW policy rule enabled to block local file sharing from external computers, ports UDP 137, UDP 138, TCP 139, & TCP 445. I want to create a new rule to allow the traffic from the DameWare APPLICATION (using the executable) only, through the ports, also allowign the DW port. I have created the rule below the BLOCK rule - please see attachment - but it still blocks it. Can you please help?? We have Win7 and Win XP OS versions.

Hope the Application name is correct along with the ports. Move the DM Policy on the Top.

Move the rule 6 above the blue line

update the policy check if that works.

took this from Dameware forum

Spoke to Symantec Tech support. On the Symantec Endpoint Protection Manager we went to "Policies", "Firewall", "Edit", select "Global" or the group you want the policy to be applied to, click "Rules", "Add Black Rule".

A new row appears, under name replace "Rule0" with Dameware, under "Services" "Add" a service with the TCP protocol selected and local & remote ports set to 6129 and direction set to both.

The tech had us move that rule all the way up in order. After a few minutes the change propagated to the test machines and we were good. We were also able to install the Dameware solution without creating any additional rules for 137, 139 ...

http://forums.dameware.com/viewtopic.php?f=9&t=343

Thanks for the replies  - i truely appreciate the assistance..

Ok - so firstly - i am unsure if the application executable is correct - i also engaged SolarWinds (Dameware) to assist in that, as i would like to restrict access to the DW app only.. Anyway, so i upped the rule to just above the blue line - but did not work.

I am testing the rule i now modified from Rafeeq's second post from Dameware forums. I will let you know.. Thanks buddies :-)

nooooooo!!!! Stinot work. I have registered at the dameware site and will also add this thread on their forums. There must be a solution - still maybe using the application exe, and correct ports... sigh**

If i do find a solution i will post it here as well... Thanks everyone. If you have any more ideas please let me know.

I have tried all the file share ports, along with 6129.. still nothing... will keep trying..

can you post the screen shot of dameware getting blocked?

My DW rule (configured for all ports as per the "block file sharing... " Rule), is right at the top of the list. Now, DW still gives access denied error, however, the logs on my client displays port 547 as being blocked, under rule "Block all other IP traffic and log"... It is as if it now does not even read my rule right at the top...

DW just has a normal pop-up that says access denied. This is due to the ADMIN$ share being disabled when the file sharing rule is enabled. DW wants to install the agent to the ADMIN$...share.

The executable to use is dwrcs.exe

Is this the one you're using?