F-Secure blocking WMI and RPC...

Over the weekend, I pushed client 11.60 and while I am not sure if that is related or not, I can no longer do things like:

 

wmic /node:<machine name or IP> bios get serialnumber 

 

I get:

 

Node - <machine name or IP>
ERROR:
Description = The RPC server is unavailable.

 

I am preping a new system but have not pushed F-secure to it yet and this works fine.

 

I have other management systems that depend on RPC and WMI and need to get this back on.

 

Any ideas much appriciated.

Accepted Answer

Comments

  • I went ahead and pushed the new machine - WMI and RPC no longer work.

     

    I am not sure what has happened other then pushing the new client (11.60).

     

     

     

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    Maybe add the "wmic" binary under antivirus exclusions and trusted processes in the FSPM central management and distribute the new policy to clients. That could work around the problem.

     

    Yours Sincerely: Tamas Feher, Hungary.

  • WMI does not have a binary - it is a Windows service that is a sub process of svchost.exe - and so is RPC.  These two features of the Windows Management system are used by a number of management/monitoring/system information connection tools and it would seem funny if others are not having this problem.

  • Hi!

     

    At least in F-Secure PSB, I got this working via application control. It's because WMI uses dynamic ports in addition to WMI static ports .

     

    http://community.f-secure.com/t5/End-point/Dynamic-firewall-rules/ta-p/20664

     

    Br,

     

    LarrY

This discussion has been closed.