How do you allow remoteadmin / WMI through Client Security Firewall?

In Windows Firewall I can do this:

 

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

 

But does F-Secure somehow support the random WMI ports?

Comments

  • MJ-perComp Posts: 1,098 Superuser

    Application Control is responsible for monitoring inbound traffic for allowed "server" applications. Nevertheless, if the possible ports are disallowed for inbound traffic in the ruleset (application control fires just before the "deny all"), you need to select a different ruleset and maybe define some user rules.

     

    BR

  • I have opened port 135 for DCOM, but then the service called RemoteAdmin = WMI can't be defined very clearly because it's a Windows service which runs under svchost.exe.

     

    I have one WMI management/monitoring system which needs to connect to clients remotely through WMI and that DCOM port. Currently the only solution which works at the moment is to open all IP traffic between the management server and the F-Secure clients.

     

    So if anyone knows how to do it "by the book", I would like to hear a solution!

  • johan65 Posts: 20 New Member

    Hi dear!

     

     

    Please try these:

    • ICMPv4 Inbound/Outbound
    • TCP Ports 135 and 445 Inbound - for WMI
    • UDP Port 137 Inbound - for Registry Information
    • TCP 1024 - 2000 Inbound - Dynamic Ports for WMI
  • MJ-perComp Posts: 1,098 Superuser

    Hi,

    allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

    Is WMI changing the port after it has started? If not, Application Control should be able to handle that problem.

     

    What firewall ruleset are you using?

     

     

  • celavey Posts: 40

    Hi, mjokinen.. Were you able to work on this? I am getting the same response..

  • mjokinen Posts: 3

    @MJ-perComp wrote:

    Hi,

    allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

    Is WMI changing the port after it has started? If not, Application Control should be able to handle that problem.

     

    What firewall ruleset are you using?

     

     


     

    Hi, I'm using the office LAN security level, if you are asking that?
    How could the application control handle the WMI requests, if I may ask?



  • MJ-perComp Posts: 1,098 Superuser

    Hi,

    have a look at the profile and you see a deny rule for remote management. Look at the details.

    EPMAP/Microsoft DCE.. is the service that is blocked.

     

    Add a new rule "WMI", add the service EPMAP and allow inbound communication for the host(s) that shall be allowed to do remote administration.

     

    This should be enough to get it working.

     

    HTH

    Matthias
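
A simplified first-match model of the two suggestions in this thread, added here as an illustration (it is not F-Secure's code or rule engine, and not code from any poster). The addresses and rule names are constructed, EPMAP is assumed to mean inbound TCP 135, and only the TCP rules are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    ports: range                 # inbound TCP destination ports
    sources: str = "0.0.0.0/0"   # remote hosts the rule applies to

def decide(rules, src, port):
    """Return (action, rule name); first matching rule wins, then deny all."""
    for r in rules:
        if port in r.ports and ip_address(src) in ip_network(r.sources):
            return r.action, r.name
    return "deny", "deny all"

def exposed_ports(rules, src):
    """Count inbound TCP ports the ruleset lets `src` reach."""
    return sum(decide(rules, src, p)[0] == "allow" for p in range(1, 65536))

# Constructed addresses: the WMI monitoring server and some other LAN host.
MGMT, OTHER = "10.0.0.10", "10.0.0.99"

# Assumption: the profile's remote-management deny covers EPMAP = TCP 135.
DENY_EPMAP = Rule("deny remote management", "deny", range(135, 136))

# Port list from the thread (TCP part only), open to every source.
BROAD = [
    Rule("WMI 135", "allow", range(135, 136)),
    Rule("WMI 445", "allow", range(445, 446)),
    Rule("dynamic 1024-2000", "allow", range(1024, 2001)),
    DENY_EPMAP,
]

# Rule "WMI": EPMAP inbound, only from the management host, above the deny.
SCOPED = [Rule("WMI", "allow", range(135, 136), MGMT + "/32"), DENY_EPMAP]

# Same rule placed below the deny: it never matches.
MISORDERED = [DENY_EPMAP, SCOPED[0]]

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, "ports open to other hosts:", exposed_ports(rules, OTHER))
    print("mgmt -> 135 (scoped):", decide(SCOPED, MGMT, 135))
    print("mgmt -> 135 (misordered):", decide(MISORDERED, MGMT, 135))
```
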

This discussion has been closed.