How do you allow remoteadmin / WMI trough Client Security Firewall?

Scholar

How do you allow remoteadmin / WMI trough Client Security Firewall?

In windows firewall I can do this:

 

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

 

But does f-secure support somehow the random wmi ports? 

7 REPLIES 7
Superuser

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

Application Control is responsible for monitoring inbound traffic for allowed "server" applications. Nevertheless if the possible ports are disallowed for inbound traffic in the ruleset (application control fires just before the "deny all") you need to select a different ruleset and maybe define some user rules.

 

BR

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

I have opened port 135 for dcom, but then the service called RemoteAdmin = WMI can't be defined very clearfully cause its Windows service which runs under svchost.exe.

 

I have one wmi management/monitoring system which needs to connect clients remotely trough wmi and that dcom port. Currently only solution which works at the moment is to open all ip traffic between management server and f-secure clients.

 

So if anyone knows how to do it "by the book" , I would like to hear a solution!

Aspirant

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

Hi dear!

 

 

Please try these:

  • ICMPv4 Inbound/Outbound
  • TCP Ports 135 and 445 Inbound - for WMI
  • UDP Port 137 Inbound - for Registry Information
  • TCP 1024 - 2000 Inbound - Dynamic Ports for WMI
Kind Regards:
Johan O Olsson/ATEA Sweden AB Karlstad
Superuser

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

Hi,

allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

Is WMI changing the port after it has started? if not Application Control should be able to handle that problem.

 

What firewall ruleset are you using?

 

 

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Highlighted
Scholar

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

Hi, mjokinen.. Were you able to work on this? I am getting the same response..

Scholar

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?


@MJ-perComp wrote:

Hi,

allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

Is WMI changing the port after it has started? if not Application Control should be able to handle that problem.

 

What firewall ruleset are you using?

 

 


 

Hi I'm using office lan security level if you are asking that?
How could the application control handle the WMI requests if I may ask?



Superuser

Re: How do you allow remoteadmin / WMI trough Client Security Firewall?

Hi,

have a look at the profile and you see a deny rule for remote management. Look at the details.

EPMAP/Microsoft DCE.. is the service that is blocked.

 

Add a new rule "WMI", add the service EPMAP and allw inbound communication for the host(s) that shall be allowed to do remote administration.

 

This should be enough to get it working.

 

HTH

Matthias

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de