Endpoint Security firewall and PDC w2008 server

Discussion in 'ESET Server & Remote Administrator' started by fc42, Nov 23, 2012.

Thread Status:
Not open for further replies.
  1. fc42

    fc42 Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    3
    Location:
    France loire
    Hello,

    I deploy endpoint security over a 25 PCs lan connected to a single Win2008R2 domain controller used as a RAC, RAS, dns, print and files server in a small school. Pricing is the main problem and they don't want to use EFSW on the server.
    I don't find examples (or very confused ones) of the firewall rules needed for a good configuration of the server if I install endpoint protection security on this DC. Are there any examples of xml files containing predefined firewall rules (or a profile) for all the standard functions of active directory and others roles and services ?
    The actual firewall is configured "automatic with exceptions" (default rules have been included but I disabled all the inbound rules) user rules for ports 53,88,123,135,389,445,464,636 and ERAS have been added but the server is still slow to respond and I need fine tuning instructions.
    If Eset firewall does not fit for a DC, I can disable it and use windows 2008 firewall instead on the server.
    I'd be glad to hear solutions from this forum. Thanks.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    I'm not sure why pricing would be an issue in using EFSW. As an existing business user, you can migrate to ESET File Security for Microsoft Windows Server for free by contacting their local ESET office. It would certainly be in your best interest to set it up this way, rather than trying to use ESET Endpoint Security through your DC.
     
  3. fc42

    fc42 Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    3
    Location:
    France loire
    Thanks for your answer, in fact according to Eset price list I thought EFSW was a product with an extra price. I did contact Eset and effectively there is a right of installing EFSW for each bundle of 5 EEPAV or EEPS licences sold.
    I will use EFSW for the server and reactivate Windows Firewall with rules for ERAS and ERA acces.

    I'm just worried about uninstalling EEPS5 on the Win 2008R2 server because I tried this on a spare server not in production and the procedure stopped while deleting service ekrn or on uninstalling driver. The server (with a fresh W2008R2 install) had to be hard booted to finish action!! According to eset KB and google, the problem seems to be frequent and no solution was given (except an horrible safe mode procedure and manual uninstallation, impossible on a production server or remotely of course).*
     
  4. jst3751

    jst3751 Registered Member

    Joined:
    Dec 11, 2009
    Posts:
    21
    Location:
    USA
    Why do you want a firewall on a DC? That can mess with a lot of things.
     
  5. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello,

    When you uninstall the product from the server, what method is being used? We recommend using the built in uninstaller, located in the start menu / all programs / ESET / <ESET Security Product> / uninstall. The reason why is because our software has a self-defense module built in to it that will prevent the control panel from being able to remove the necessary components for a successful uninstall.
     
  6. fc42

    fc42 Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    3
    Location:
    France loire
    Thanks for your answer, I did the uninstallation throught the recommanded process, (from the start menu and Eset uninstallation link as seen in KB).
    Have you any other suggestions ?
    I had to use a "sc delete ekrn" to get rid of the service after hard booting and delete the driver from disk and BRD.
    Not a very nice method on a server I agree but I was then capable to install EFSW 4.5 in place of endpoint security 5.0 2126.3!
    I dont want to use the tool provided by Eset because it seems to cause problems with lan access and needs safe mode to operate.
     
Thread Status:
Not open for further replies.