ESS firewall blocks Remote Desktop Connection

Discussion in 'ESET Smart Security' started by kwg, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
    Today Microsoft released this critical update:

    http://www.microsoft.com/technet/security/Bulletin/MS09-044.mspx

    Following installation of this update I am no longer able to establish a Remote Desktop Connection unless I first disable the ESS firewall. Here's the scenario:

    1. I connect successfully to the remote server via VPN.

    2. The remote server displays a complete list of available remote desktops.

    3. When I attempt to establish a connection to any of these desktops, I receive a "Client could not establish a connection to the remote computer" error message.

    If I disable the ESS firewall between Steps 2 and 3, I can connect to the remote computer successfully.

    The ESS logs show no entries for today other than the usual signature updates.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you switched the firewall either to learing mode or interactive or policy-based mode whilst creating the appropriate rules for incoming connections via RDP?
     
  3. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
    My firewall mode is interactive. I haven't switched the firewall mode since installing ESS.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try enabling logging blocked connections in the IDS section of the firewall setup so that you can see which rule is blocking RDP connections in the firewall log. Remember to disable logging when done.
     
  5. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    126
    Thank you, Marcos, for your prompt responses to my posts.

    It appears that the problem I reported is correcting itself as remote computers apply the latest Microsoft Update. This update, when applied to Windows XP SP3, upgrades RDP from version 5.2 to 6.1. When the local and remote computers are not both using version 6.1, the ESS firewall blocks the connection and enters "Packet blocked by active defense (IDS)" in the firewall log (when logging "blocked connections" is enabled).
     
Thread Status:
Not open for further replies.