In windows firewall I can do this:
call netsh firewall set service RemoteAdmin enablecall netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
But does f-secure support somehow the random wmi ports?
Application Control is responsible for monitoring inbound traffic for allowed "server" applications. Nevertheless if the possible ports are disallowed for inbound traffic in the ruleset (application control fires just before the "deny all") you need to select a different ruleset and maybe define some user rules.
I have opened port 135 for dcom, but then the service called RemoteAdmin = WMI can't be defined very clearfully cause its Windows service which runs under svchost.exe.
I have one wmi management/monitoring system which needs to connect clients remotely trough wmi and that dcom port. Currently only solution which works at the moment is to open all ip traffic between management server and f-secure clients.
So if anyone knows how to do it "by the book" , I would like to hear a solution!
Please try these:
allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!
Is WMI changing the port after it has started? if not Application Control should be able to handle that problem.
What firewall ruleset are you using?
Hi, mjokinen.. Were you able to work on this? I am getting the same response..
@MJ-perComp wrote:Hi,allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!Is WMI changing the port after it has started? if not Application Control should be able to handle that problem. What firewall ruleset are you using?
have a look at the profile and you see a deny rule for remote management. Look at the details.
EPMAP/Microsoft DCE.. is the service that is blocked.
Add a new rule "WMI", add the service EPMAP and allw inbound communication for the host(s) that shall be allowed to do remote administration.
This should be enough to get it working.