F-Secure blocking WMI and RPC...

Aquaflow

Over the weekend, I pushed client 11.60 and while I am not sure if that is related or not, I can no longer do things like:

 

wmic /node:<machine name or IP> bios get serialnumber 

 

I get:

 

Node - <machine name or IP>
ERROR:
Description = The RPC server is unavailable.

 

I am preping a new system but have not pushed F-secure to it yet and this works fine.

 

I have other management systems that depend on RPC and WMI and need to get this back on.

 

Any ideas much appriciated.

Aquaflow

I went ahead and pushed the new machine - WMI and RPC no longer work.

 

I am not sure what has happened other then pushing the new client (11.60).

 

 

 

etomcat

Hello,

 

Maybe add the "wmic" binary under antivirus exclusions and trusted processes in the FSPM central management and distribute the new policy to clients. That could work around the problem.

 

Yours Sincerely: Tamas Feher, Hungary.

Aquaflow

WMI does not have a binary - it is a Windows service that is a sub process of svchost.exe - and so is RPC.  These two features of the Windows Management system are used by a number of management/monitoring/system information connection tools and it would seem funny if others are not having this problem.

Larry_FIN

Hi!

 

At least in F-Secure PSB, I got this working via application control. It's because WMI uses dynamic ports in addition to WMI static ports .

 

http://community.f-secure.com/t5/End-point/Dynamic-firewall-rules/ta-p/20664

 

Br,

 

LarrY

Aquaflow

I put this up to tech support.  It turns out that while I had dynamic ports on WMI, the firewall by default blocks EPMAP.  I put in the suggested rule for it and all is good now.