Best practices: MS Security baselines with WithSecure firewall?
We're using the MS Security Baseline GPOs, which enable the Windows Firewall, blocking all incoming connections, and allowing all outgoing connections. With these settings, the "Isolate a device" function in WithSecure doesn't work because it cannot overrule the GPO rules, which means that the outbound connections are not blocked by WithSecure.
I then tried creating a second GPO to override the Baseline GPO, which also blocks all outbound connections. Besides that, I added a rule to the WithSecure firewall profile to allow all outbound connections. This seems to work fine. Putting a test PC in isolation indeed blocks all traffic, and I see a couple of outbound WithSecure firewall rules to allow it to communicate with its servers.
However, after putting the host in isolation and releasing it a couple of times, it got stuck in isolation, and I was unable to release it. Even though all the same outbound rules were created, no outbound connections could be made by the client. This is a situation that I don't want to be in, in production, of course.
During the tests, I disabled the "allow other rules" at some point, maybe that was a bad idea.
Anyway, I am curious about the correct way to set these things up. We can't be the only company that uses these MS Security Baselines combined with the WithSecure firewall? The documentation on the WithSecure site is way too limited ...
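An added diagnostic (not from the original post or from WithSecure) for a host that reports "stuck" like the one described above: it reads the effective Windows Firewall policy on the client, i.e. what the GPOs and local store merge into, so you can see the enforced default outbound action, whether the GPO still allows locally created rules to apply at all, and which store each active outbound allow rule came from. It assumes the product writes its isolation rules into the local (persistent) store rather than delivering them by GPO; run it in an elevated PowerShell session on the test PC.

```powershell
# Added example: inspect the effective firewall policy on a domain-joined client.
# PolicyStore ActiveStore is the merged result of GPO + local settings, i.e. what
# the firewall is enforcing right now, not just what one GPO says.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

# Per-profile defaults. AllowLocalFirewallRules is the setting to watch: when a
# GPO forces it to False, rules that exist only in the local store are ignored
# even though they are still listed and look enabled.
$profiles | ForEach-Object {
    [pscustomobject]@{
        Profile                 = $_.Name
        Enabled                 = $_.Enabled
        DefaultInbound          = $_.DefaultInboundAction
        DefaultOutbound         = $_.DefaultOutboundAction
        AllowLocalFirewallRules = $_.AllowLocalFirewallRules
    }
} | Format-Table -AutoSize

# Enabled outbound Allow rules the firewall is actually applying, with the
# store each one came from (a GPO display name, or PersistentStore for rules
# created locally, e.g. by an endpoint product; that mapping is an assumption).
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile, PolicyStoreSourceType, PolicyStoreSource |
    Sort-Object PolicyStoreSourceType, DisplayName |
    Format-Table -AutoSize

# Flag the combination that leaves a client unable to talk out even though allow
# rules are present: outbound default Block plus local rules not merged.
foreach ($p in $profiles) {
    if ($p.DefaultOutboundAction -eq 'Block' -and $p.AllowLocalFirewallRules -eq 'False') {
        $msg = "Profile {0}: outbound default is Block and local firewall rules are " +
               "ignored; only rules delivered by GPO can allow outbound traffic."
        Write-Warning ($msg -f $p.Name)
    }
}
```

Compare the output taken while the host is isolated with a capture from a host that releases normally; a difference in AllowLocalFirewallRules or in the PolicyStoreSource of the outbound allow rules points at a GPO setting rather than at the product.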