
How do you allow remoteadmin / WMI through Client Security Firewall?

mjokinen
mjokinen MyAccount Posts: 3 Security Scout

In Windows Firewall I can do this:

 

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

 

But does F-Secure somehow support the random WMI ports?

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Application Control is responsible for monitoring inbound traffic for allowed "server" applications. Nevertheless, if the possible ports are disallowed for inbound traffic in the ruleset (Application Control fires just before the "deny all"), you need to select a different ruleset and maybe define some user rules.

     

    BR

  • mjokinen
    mjokinen MyAccount Posts: 3 Security Scout

    I have opened port 135 for DCOM, but then the service called RemoteAdmin = WMI can't be defined very clearly, because it's a Windows service which runs under svchost.exe.

     

    I have one WMI management/monitoring system which needs to connect to clients remotely through WMI and that DCOM port. Currently the only solution which works at the moment is to open all IP traffic between the management server and the F-Secure clients.

     

    So if anyone knows how to do it "by the book", I would like to hear a solution!

  • johan65
    johan65 Posts: 18 Security Scout

    Hi dear!

     

     

    Please try these:

    • ICMPv4 Inbound/Outbound
    • TCP Ports 135 and 445 Inbound - for WMI
    • UDP Port 137 Inbound - for Registry Information
    • TCP 1024 - 2000 Inbound - Dynamic Ports for WMI
  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

    Is WMI changing the port after it has started? If not, Application Control should be able to handle that problem.

     

    What firewall ruleset are you using?

     

     

  • celavey
    celavey MyAccount Posts: 6 Security Scout

    Hi, mjokinen.. Were you able to work on this? I am getting the same response..

  • mjokinen
    mjokinen MyAccount Posts: 3 Security Scout

    @MJ-perComp wrote:

    Hi,

    allowing TCP 1024-2000 inbound is almost the same as disabling the firewall!

    Is WMI changing the port after it has started? If not, Application Control should be able to handle that problem.

     

    What firewall ruleset are you using?

     

     


     

    Hi, I'm using the office LAN security level, if you are asking that?
    How could Application Control handle the WMI requests, if I may ask?



  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    Have a look at the profile and you will see a deny rule for remote management. Look at the details.

    EPMAP/Microsoft DCE.. is the service that is blocked.

     

    Add a new rule "WMI", add the service EPMAP and allow inbound communication for the host(s) that shall be allowed to do remote administration.

     

    This should be enough to get it working.

     

    HTH

    Matthias
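
The scoping principle from this thread (allow remote administration only from the named management host, not a wide port range from everywhere), expressed for the built-in Windows Firewall the question starts from. This is an added example, not part of the original posts and not F-Secure configuration; it assumes Windows 8 / Server 2012 or later with the NetSecurity PowerShell module, an elevated session, the English rule-group name, and a placeholder management address.

```powershell
# Added example. Assumptions: NetSecurity module available, elevated session,
# English display-group name, placeholder management host address.
$MgmtHost = '192.0.2.10'   # placeholder (TEST-NET-1); replace with the management server
$Group    = 'Windows Management Instrumentation (WMI)'

# 1. Enable the group's built-in inbound rules (these include DCOM-In on TCP 135 and
#    WMI-In, which is bound to the Winmgmt service rather than to a port range) and
#    accept them from the management host only.
Get-NetFirewallRule -DisplayGroup $Group |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -Enabled True -RemoteAddress $MgmtHost

# 2. Show what is now allowed: rule, local port, program/service binding, remote scope.
Get-NetFirewallRule -DisplayGroup $Group |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Enabled = $_.Enabled
            Port    = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
            Program = ($_ | Get-NetFirewallApplicationFilter).Program
            Service = ($_ | Get-NetFirewallServiceFilter).Service
            Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    } | Format-Table -AutoSize

# 3. Audit: enabled inbound allow rules that open a TCP port range to any source,
#    the pattern the thread warns about (for example 1024-2000 from everywhere).
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if ($port.Protocol -eq 'TCP' -and
            ($port.LocalPort -match '^\d+-\d+$') -and
            ($addr.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Rule  = $_.DisplayName
                Ports = $port.LocalPort -join ','
            }
        }
    }
```

Step 3 returns nothing when no such rule exists; any rule it lists is a candidate for narrowing its remote address or binding it to a program or service.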

This discussion has been closed.
