ESET Firewall and Windows 2003 Server Machine (PLZ Help)

Discussion in 'ESET Smart Security' started by Shahab_naft, Apr 8, 2009.

Thread Status:
Not open for further replies.
  1. Shahab_naft

    Shahab_naft Registered Member

    Joined:
    Apr 8, 2009
    Posts:
    7
    I have a domain controller server with Active Directory and DNS installed (MS Windows 2003). I have installed ESET Smart Security Business Edition on the server machine, but when the Automatic firewall mode is on (as by default), there is some miscommunication or no communication between the server and clients.
    As a solution I used Interactive firewall mode, in which communication can happen when I accept the inbound and outbound traffic, but when I create a rule so that it remembers next time, it still asks whether to allow or deny the traffic. There are plenty of services which run in the system background with ports and applications, and it is not possible to sit in front of the server and decide to allow or deny each of them! And it's not possible to know all the system services and ports which the server requires to work properly... So my question is:
    Is there any solution or a way to install ESET Smart Security on a server machine so that it operates properly?
     
  2. ASpace

    ASpace Guest

    Yes, there is a solution and it is called Policy-based mode.
    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1239177700208

    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1239177700208

    Create all the rules beforehand.


    Another solution is to uninstall ESET Smart Security from the server and install only ESET NOD32 Antivirus (which doesn't have the firewall and anti-spam modules). Use Windows Firewall for that server along with NOD32. Your license supports downgrade, so NOD32 can be downloaded and installed with no problems.
     
  3. ASpace

    ASpace Guest

  4. Shahab_naft

    Shahab_naft Registered Member


    Dear Hitech_boy

    I would like to thank you for your reply, appreciated.

    I have tried these, but the problem is that it will block everything, so you have to find all the services and applications which a Server 2003 machine needs to communicate and run in the background or foreground to work. It is a painful way, in which I cannot find and then define ALL the rules!!! I don't know how many, and for which applications and services, I should create a rule, and finally which PORT and which protocol to use?!
    So it's really confusing and tough...
    App+Port+Protocol?!
    About the second solution: I need a firewall, Windows Firewall is not enough... that's why I have ESET Smart Security...
    Please help, as I have 6 servers with the same problems...
     
  5. K12RS

    K12RS Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    18
    Shahab,

    I experienced a similar issue with using ESET on the domain controller (v3 - haven't tried V4 because I need answers as to some of the technical aspects of the rule base that I haven't yet been able to get before I'll try again on it).

    Despite permissioning a rule that allowed all inbound and outbound traffic in the trusted domain for "All" unspecified apps and svchost.exe, I found that there was interference with DNS and domain authentication from ESET. In fact, even if I "temporarily disabled" the firewall on the DC, the issues persisted. Finally, I removed ESET from the DC and utilized one of my remaining Symantec Corp licenses there, and this eliminated the problem.

    And in addition, at times on other servers, I was finding that despite the rules for NetBIOS, it appears as though at some level NetBIOS is being blocked too - but weirdly. One user would connect fine, and another could not - I believe that what was actually happening is that the server is having difficulty with authenticating connections to the DC, and was using the cached information, and as users approached the cache timeout they were being denied.

    Long story short, I've determined that the best thing about V4 is that I can configure the firewall "off" while I try to get answers. I know this isn't the answer you were looking for - but I thought knowing that you aren't alone might ease the frustration.

    Now, if I could only just get some answers from ESET, I might be able to pass them on ....
     
  6. ASpace

    ASpace Guest

    Unless you have configured rules - YES. That is why it is called Policy-based mode.


    No. You need to configure a few rules and don't always need to specify the port used. Your rules can be general and specific, which means that if you enter an application but don't enter the port used, the rule will apply for any port (and vice versa). You can create one or more rules (a bit more general) for allowing the traffic for your network.

    There is nothing wrong with Windows Firewall - an excellent one, in my opinion. I don't know why one would need more than WF on a server.

    ANY software firewall (like EPF in ESS) will act the same way: it will require rules to be created, used, applied.


    Is there anything that you require to block on that server?

    ---
    By the way , here is one more link that could be useful:
    http://download.eset.com/manuals/ESET_PersonalFirewall_UG_EN.pdf
     
  7. Shahab_naft

    Shahab_naft Registered Member

    Thanks, friends...

    Dear K12RS and HiTech_boy, the problem is that I need to know which rules I should create and how.
    Suppose:
    1 - to let DNS work and communicate
    2 - to allow logging in to the domain from clients
    3 - to allow joining workstations to the domain
    4 - communications between parent and child servers...
    For me, I disabled the firewall to do all of these,
    but when I enable it in interactive mode, it will ask 1000 times about some process or some application even though I created a custom rule for it, and still I see the firewall asking deny or allow?! With lots of these allow or deny prompts, I cannot accomplish the tasks I mentioned.
    I am disappointed...
    Are there any templates or predefined rules for at least the tasks above?

    Thanks,,,
     
  8. ASpace

    ASpace Guest

    Hello!

    DNS usually happens on port 53.
    A rule can be created to allow incoming or outgoing communication (perhaps you'll need incoming), TCP and UDP,
    Port 53 (Local).

    As for the others, you need to be more specific.

    What about using Learning mode - available in v4 of ESS?
    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1239177700208

    Use it for a few days, monitor the auto-created rules and then edit them so that later you can switch to Policy-based mode.

    I still insist on my suggestion of installing just ESET NOD32 and using Windows Firewall as your firewall. One more thing you could do is to contact ESET Customer Care or a local ESET reseller and ask for a technician to visit you and your company so that they explain to you in detail the way ESET products work and show you practically how to configure the firewall and the whole product.
     
  9. Shahab_naft

    Shahab_naft Registered Member

    Thanks again.
    I tried them, but I am still facing the same problem.
    There should be some specified rules at least for DCs, or some user who had the same problem and solved it by creating some useful rules...
    I don't know...!
    Regarding local ESET support: no use. I emailed them, but it seems they don't know the exact solution or even try to solve it, and there is not much in the Help and manuals regarding how to set it up on a DC.

    By the way, I am using V3 (but can I use the same license to use V4?)
     
  10. ASpace

    ASpace Guest

    Their answers will be general (just like mine) because what you want is something very specific. Nobody can just tell you remotely how to create your specific rules because nobody has information about your specific network.

    I resell ESET products and that is why I told you to contact ESET or your local reseller. I don't know where you are from nor who you purchased your ESS license from, but if I were you I'd ask someone to visit me and my company, gather information about the network and the whole situation, and show you on site how to work with the program.


    Sure. As long as your license is active, you can use whatever version you choose and always upgrade for free to the newest one.
     
  11. Shahab_naft

    Shahab_naft Registered Member

    Hi,

    I found ESET v4 is OK with it,

    but after 2 days I now receive an error:

    " personal firewall rules could not be converted for unknown reason "

    Any help?

    Thanks
     
  12. SOTOSpt52

    SOTOSpt52 Registered Member

    Joined:
    May 30, 2009
    Posts:
    1
    I have the same problem with a Win 2003 SBS server!
    Everything was good until I tried to convert the hard disks to dynamic for mirror use! I got the same message and all network traffic is blocked!! o_O o_O PLZ help everyone!!!
     
  13. goldrushtech

    goldrushtech Registered Member

    Joined:
    Jun 26, 2005
    Posts:
    59
    Location:
    Greensborough, VIC, Australia
    Why are you trying to run ESS on a DC?

    Your DC should be behind a firewall.
    It's only going to slow it down. See the comment here: http://www.eset.com/download/business-64bit.php

    Also, I personally don't run the real time checker. All files opened from clients will be checked by them. Just run a scan every night.

    Also, make sure you put in all the exclusions suggested here:
    http://support.microsoft.com/kb/822158

    And don't browse the web from your DC!!!!
     