Endpoint Protection Small Business Edition

We are trying to use TV version 9 (free) and have hit the firewall.  SEP will not let the connection through althorugh we have plenty of connectivity in the browser, other applications etc.  TV is the only one SEP is blocking.

How do I know SEP is blocking?  Well, I diabled the SEP firewall by disabling it.  TV then worked fine.  Turned firewall back on, TV fails again.

I've created a special TV firewall rule and set it at the top of the firewall rules stack.  In there I have set it up like this:

 

Note:  Scheduling is completely disabled on the fifth tab.

 

Here's the traffic log with this enabled and in place: (I hope this frame is large enough - I'll try to split the view into two frames...)

Left side:

Right side:

 

I don't see any "Rule" entitled "Block_all".  Notice too that the Remote/Local Hosts names are not valid IP's.

I wish SEP had a more "interactive" mode where I could get it to tell me with a pop-up what it's blocking but there doesn't seem to be any.  I probably could figure it out from that, but...

Does anyone know how to poke a hole in this firewall to allow this applicaiton out into the world?

Thanks for any advice.

H

 

 

 

 

 

 

 

 

Did you check the logs on the sep to see which rule is blocking it?

Seems I can't copy/paste images here even though the posting UI alowed it.  I can't edit this post either.

I'll try to include screenshot attachments here.  Hope this doesn't foul up my getting an answer...

H

Yes, see my screenshots, I just uploaded them since the embeding didn't work.

The offending rule is "Block_all" which I can't find anywhere.  See #6 or #7 in the screenshots.

Where is this "Block_all" rule located?:  How do I interpret that?

 

H

Block all is a built in hidden rule. You cannot configure it. Add a new rule to allow traffic and move to the top of the rule stack

Yeah not able to see the screen shot earlier :)

Block_All is the last rule, it that rule is blocking tht its ignoring the earlier one ( ones listed on top) you need to create a new rule and move it up the stack

Hi there, thanks for jumping in,

I believe I did exactly that before coming here.  See screenshot #1.

This is easily the most confusing part of SEP SBE...  If it gave you some sort of feedback, it might be a lot easier...

Would you like to see more of the rule I created?  And, I is positioned correctly I do believe.

H

Question:  Does the computer need a re-boot after modifying the rule stack???  If I log off and back on again, does that impose the modified rule stack?  Am I not imposing the rule correctly?

H

I'm on a mobile so nothing will show up for me

Takes effect immediately, no reboot is needed

Well, Brian - if you get into a position where you can look this over, I'd appreciate some advice on it.  Right now it's completely stopping us from using TV in our non-profit food pantry.  We do have RDC set up but TV is much easier for people to use - once we can get it working with SEP.   Once I get one machine done, I'm sure I can rotate through the other 7 we haven't touched yet.

Is that doable?

Or maybe one of the other folks here have some ideas.  I really don't know what else I can do at this point....

H

By the way,folks - I may have left off that these machines are all in an "Unmanaged" setting.

H

No worries, when I get in front of a PC I'll have a look :)

OK, thank you.

Meanwhile, I've gone over the TeamViewer's forum and posted a question there as to what services/applications/processes TV uses to do what it does.  I'm noting too that at:  http://www.symantec.com/business/support/index?page=content&id=HOWTO80714 Symantec points out that simply unblocking an app or .exe may not be suffiicient.  There may be "stuff" riding underneath it and out of view.  Something to consider...

H

Can you try excluding via the port? Looks like tcp 5938

http://www.teamviewer.com/en/help/334-Which-ports-are-used-by-TeamViewer.aspx

Well, Brian -

You know the saying, "The best fixes are usually the easiest".  I rebooted the system.  This is probably the first thing I should have thought of.  Because the reboot apparently reloads the rule set and causes the rule to be imposed and in the correct requested order.

Problem is solved by creating the rule, placing at the top of the stack and rebooting the computer.  That's all I did.  But I didn't get back here in time to post before you came up with port 5938.  Sorry...

Simple, yet so annoying...

Thanks to all.  I shall give Brian credit for his excellent help.

H

That's interesting on the reboot because I've never seen that before. I've created rules and they take effect right away.

Nonethless, glad it's working for you :)