F-Secure blocking WMI and RPC...

Aquaflow
Aquaflow Posts: 11
in Business Security

Over the weekend, I pushed client 11.60 and while I am not sure if that is related or not, I can no longer do things like:

 

wmic /node:<machine name or IP> bios get serialnumber 

 

I get:

 

Node - <machine name or IP>
ERROR:
Description = The RPC server is unavailable.

 

I am preping a new system but have not pushed F-secure to it yet and this works fine.

 

I have other management systems that depend on RPC and WMI and need to get this back on.

 

Any ideas much appriciated.

Like

Comments

  • Aquaflow
    Aquaflow Posts: 11

    I went ahead and pushed the new machine - WMI and RPC no longer work.

     

    I am not sure what has happened other then pushing the new client (11.60).

     

     

     

    Like
  • etomcat
    etomcat Posts: 1,319 Superuser

    Hello,

     

    Maybe add the "wmic" binary under antivirus exclusions and trusted processes in the FSPM central management and distribute the new policy to clients. That could work around the problem.

     

    Yours Sincerely: Tamas Feher, Hungary.

    Like
  • Aquaflow
    Aquaflow Posts: 11

    WMI does not have a binary - it is a Windows service that is a sub process of svchost.exe - and so is RPC.  These two features of the Windows Management system are used by a number of management/monitoring/system information connection tools and it would seem funny if others are not having this problem.

    Like
  • Larry_FIN
    Larry_FIN Posts: 1

    Hi!

     

    At least in F-Secure PSB, I got this working via application control. It's because WMI uses dynamic ports in addition to WMI static ports .

     

    http://community.f-secure.com/t5/End-point/Dynamic-firewall-rules/ta-p/20664

     

    Br,

     

    LarrY

    Like
This discussion has been closed.

Categories